Configure transparent data encryption (TDE) for MongoDB with a custom key

更新时间:
复制 MD 格式

A MongoDB instance with Transparent Data Encryption (TDE) enabled using a custom key is evaluated as compliant.

Scenarios

Use this rule to verify that MongoDB instances encrypt data at rest with a customer-managed key, meeting compliance requirements for data storage security without affecting business performance.

Risk level

Default risk level: medium.

You can change the risk level as needed.

Detection logic

A MongoDB instance with TDE enabled using a custom key is evaluated as compliant. Serverless instances are not applicable.

Rule details

Parameter

Description

Rule name

Configure transparent data encryption (TDE) for MongoDB with a custom key

Rule template identity

mongodb-instance-encryption-byok-check

Automatic remediation

Not supported

Trigger type

Periodic: Every 24 hours

Resource type evaluated by the rule

ACS::MongoDB::DBInstance

Input parameter

None

Remediation guidance

For more information, see Configure transparent data encryption (TDE).