This rule checks whether Transparent Data Encryption (TDE) is enabled with a custom key for a Redis instance. A compliant instance has TDE enabled with a custom key.
Scenarios
Encrypting data with a custom key helps meet regulatory requirements and improve data security.
Risk level
Default risk level: Medium.
You can change the risk level when you apply this rule.
Detection logic
-
A Redis instance is considered "compliant" if TDE is enabled with a custom key.
-
A Redis instance is considered "non-compliant" if TDE is not enabled, or if TDE is enabled with an auto-generated key. To fix this issue, see Remediation.
Rule details
|
Parameter |
Description |
|
Rule name |
Enable TDE with a custom key for a Redis instance |
|
Rule identifier |
redis-instance-enabled-byok-tde |
|
Tag |
Redis |
|
Auto-remediation |
Not supported |
|
Rule trigger mechanism |
Periodic execution |
|
Trigger frequency |
24 hours |
|
Supported resource types |
Redis instance |
|
Rule input parameters |
None |
Remediation
Enable TDE for the Redis instance with a custom key. For more information, see Enable Transparent Data Encryption (TDE).