A MongoDB instance with Transparent Data Encryption (TDE) enabled using a custom key is evaluated as compliant.
Scenarios
Use this rule to verify that MongoDB instances encrypt data at rest with a customer-managed key, meeting compliance requirements for data storage security without affecting business performance.
Risk level
Default risk level: medium.
You can change the risk level as needed.
Detection logic
A MongoDB instance with TDE enabled using a custom key is evaluated as compliant. Serverless instances are not applicable.
Rule details
|
Parameter |
Description |
|
Rule name |
Configure transparent data encryption (TDE) for MongoDB with a custom key |
|
Rule template identity |
|
|
Automatic remediation |
Not supported |
|
Trigger type |
Periodic: Every 24 hours |
|
Resource type evaluated by the rule |
ACS::MongoDB::DBInstance |
|
Input parameter |
None |
Remediation guidance
For more information, see Configure transparent data encryption (TDE).