Amazon Kinesis

📘 The lack of data-at-rest encryption in Amazon Kinesis exposes the data stream to potential unauthorized access and data breaches. Enforcing encryption is essential for securing data stored in Kinesis, ensuring its confidentiality and integrity.

  • Section: Encryption
  • Severity: High
  • CWE: CWE-311 Missing Encryption of Sensitive Data
  • Assurance Scope: PCI, NIST, HIPAA
  • Threat Modeling Principal: Tampering, Spoofing, Information Disclosure
  • Rule Set: Threat Modeling - Cloud Configuration Check

📘 Not using KMS CMKs for data-at-rest encryption in Amazon Kinesis can lead to weaker data security controls. Utilizing KMS CMKs provides enhanced encryption management, ensuring robust protection for data stored within Kinesis streams.

  • Section: Encryption
  • Severity: High
  • CWE: CWE-653 Insufficient Compartmentalization
  • Assurance Scope: PCI, NIST, HIPAA
  • Threat Modeling Principal: Tampering, Spoofing, Information Disclosure
  • Rule Set: Threat Modeling - Cloud Configuration Check
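
Both checks above can be evaluated from a stream's `EncryptionType` and `KeyId` fields, as returned in the `StreamDescriptionSummary` of the Kinesis `DescribeStreamSummary` API. The following is an added example, not this product's rule implementation: the function name, the sample streams, the account ID and the `key_managers` lookup (assumed to be filled from the `KeyManager` field of KMS `DescribeKey`) are all constructed for illustration.

```python
# Added example: offline evaluation of Kinesis stream encryption settings.
AWS_MANAGED_PREFIX = "alias/aws/"  # alias namespace reserved for AWS managed keys

def evaluate_stream(summary, key_managers=None):
    """Return (stream name, status, reason) for one StreamDescriptionSummary dict."""
    key_managers = key_managers or {}
    name = summary.get("StreamName", "<unnamed>")
    key_id = summary.get("KeyId") or ""
    # Check 1: server-side encryption must be enabled at all.
    if summary.get("EncryptionType", "NONE") != "KMS":
        return (name, "FAIL", "no data-at-rest encryption")
    # Check 2: the key must be customer managed.
    # KeyId may be an alias name, alias ARN, key ID or key ARN.
    if "alias/" in key_id:
        alias = key_id[key_id.find("alias/"):]
        if alias.startswith(AWS_MANAGED_PREFIX):
            return (name, "FAIL", "AWS managed key, not a customer managed key")
        return (name, "PASS", "customer managed key (alias)")
    # A bare key ID or key ARN does not reveal ownership; use the KMS lookup.
    manager = key_managers.get(key_id)
    if manager == "CUSTOMER":
        return (name, "PASS", "customer managed key")
    if manager == "AWS":
        return (name, "FAIL", "AWS managed key, not a customer managed key")
    return (name, "UNKNOWN", "resolve KeyManager with KMS DescribeKey")

# Constructed sample data (not real resources).
PAYMENTS_KEY = ("arn:aws:kms:us-east-1:111122223333:"
                "key/1234abcd-12ab-34cd-56ef-1234567890ab")
SAMPLE_STREAMS = [
    {"StreamName": "orders-raw", "EncryptionType": "NONE"},
    {"StreamName": "clickstream", "EncryptionType": "KMS",
     "KeyId": "alias/aws/kinesis"},
    {"StreamName": "payments", "EncryptionType": "KMS", "KeyId": PAYMENTS_KEY},
    {"StreamName": "audit", "EncryptionType": "KMS",
     "KeyId": "alias/audit-stream"},
    {"StreamName": "telemetry", "EncryptionType": "KMS",
     "KeyId": "0987dcba-09fe-87dc-65ba-ab0987654321"},
]
SAMPLE_KEY_MANAGERS = {PAYMENTS_KEY: "CUSTOMER"}

def evaluate_all(streams=SAMPLE_STREAMS, key_managers=SAMPLE_KEY_MANAGERS):
    return [evaluate_stream(s, key_managers) for s in streams]

if __name__ == "__main__":
    for name, status, reason in evaluate_all():
        print(f"{status:8}{name:14}{reason}")
```

A stream whose `KeyId` is a bare key ID or key ARN is reported as `UNKNOWN` until its key ownership is resolved, rather than being assumed compliant.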
