High

Ensure EFS file systems are encrypted

Description

To comply with security and compliance standards, it's important to ensure that your Amazon EFS file systems are encrypted. This protects your data and metadata at rest from unauthorized access. With EFS, data is encrypted transparently as it is written and decrypted as it is read, so no additional action is required from you or your application. Encryption keys are managed by the AWS KMS service, eliminating the need for you to build and maintain your own key management infrastructure. We strongly recommend that you encrypt your EFS file systems to protect your data at rest and to comply with your organization's data-at-rest encryption requirements.

Remediation

To ensure that your Amazon EFS file systems are encrypted, you can follow these remediation steps:

  1. Enable encryption on your existing EFS file systems: You can enable encryption on your existing EFS file systems by using the AWS Management Console, AWS CLI, or AWS SDKs. You can select the encryption key from the AWS KMS service that will be used to encrypt the file system.
  2. Create new encrypted EFS file systems: You can create new encrypted EFS file systems by selecting the option to enable encryption during the creation process, again choosing the AWS KMS key that will encrypt the file system.
  3. Verify that encryption is enabled: Once you have enabled encryption on your EFS file systems, you can verify that it is enabled by checking the file system's encryption attribute in the EFS console, the AWS CLI, or the SDKs.
  4. Update your organization's policies and procedures: After you have enabled encryption on your EFS file systems, update your organization's policies and procedures so that all new EFS file systems are created encrypted and any existing unencrypted file systems are addressed as soon as possible.
  5. Regularly monitor and audit your EFS file systems: To ensure that your EFS file systems remain encrypted, monitor and audit them regularly. You can use AWS Config rules to check that encryption is enabled and properly configured.

By following these remediation steps, you can ensure that your Amazon EFS file systems are encrypted and compliant with your organization's security and compliance requirements.
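The verification and monitoring steps above (steps 3 and 5) can be scripted against the JSON that `aws efs describe-file-systems` or boto3's `describe_file_systems` returns. The following is an added example, not Lightlytics' own code; the file system IDs, names and key ARNs in the embedded sample are constructed, and `live_audit` assumes boto3 and AWS credentials are available.

```python
"""Audit Amazon EFS file systems for encryption at rest.

Operates on the dict shape of a DescribeFileSystems response. A constructed
sample is embedded so the check runs offline; live_audit() runs the same
logic against a real account (assumes boto3 and AWS credentials).
"""
from typing import Any

# Constructed sample response (IDs and ARNs are placeholders, not real resources).
SAMPLE_RESPONSE: dict[str, Any] = {
    "FileSystems": [
        {"FileSystemId": "fs-0aaa111122223333a", "Name": "app-data",
         "Encrypted": True,
         "KmsKeyId": "arn:aws:kms:us-east-1:111122223333:key/EXAMPLE-KEY-1"},
        {"FileSystemId": "fs-0bbb111122223333b", "Name": "legacy-share",
         "Encrypted": False},
        # Name tag missing and no Encrypted field at all: still audited, fails closed.
        {"FileSystemId": "fs-0ccc111122223333c"},
    ]
}


def find_unencrypted(response: dict[str, Any]) -> list[str]:
    """Return the IDs of file systems that are not encrypted at rest.

    A missing "Encrypted" key is treated as non-compliant so the audit fails
    closed rather than assuming encryption is on.
    """
    return [
        fs["FileSystemId"]
        for fs in response.get("FileSystems", [])
        if not fs.get("Encrypted", False)
    ]


def live_audit(region: str) -> list[str]:
    """Page through a real account's file systems and return the unencrypted IDs."""
    import boto3  # imported lazily so the offline sample runs without boto3 installed
    client = boto3.client("efs", region_name=region)
    file_systems: list[dict[str, Any]] = []
    kwargs: dict[str, str] = {}
    while True:  # DescribeFileSystems pages with Marker / NextMarker
        page = client.describe_file_systems(**kwargs)
        file_systems.extend(page["FileSystems"])
        if "NextMarker" not in page:
            break
        kwargs = {"Marker": page["NextMarker"]}
    return find_unencrypted({"FileSystems": file_systems})


if __name__ == "__main__":
    print("Unencrypted (sample):", find_unencrypted(SAMPLE_RESPONSE))
```

Encryption at rest is chosen when an EFS file system is created and cannot be switched on afterwards, so any ID this check reports has to be replaced by a new encrypted file system into which the data is copied. The AWS Config managed rule efs-encrypted-check applies the same test continuously.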

Note: Remediation steps provided by Lightlytics are meant to be suggestions and guidelines only. It is crucial to thoroughly verify and test any remediation steps before applying them to production environments. Each organization's infrastructure and security needs may differ, and blindly applying suggested remediation steps without proper testing could potentially cause unforeseen issues or vulnerabilities. Therefore, it is strongly recommended that you validate and customize any remediation steps to meet your organization's specific requirements and ensure that they align with your security policies and best practices.