Key Management Errors
| Property | |
|---|---|
| Language |  |
| Severity |  |
| CWE | CWE-320: CWE CATEGORY: Key Management Errors |
| OWASP | A03:2017 - Sensitive Data Exposure |
| Confidence Level | Low |
| Impact Level | Low |
| Likelihood Level | Low |
Description#
The FSX ONTAP file system resource is not configured to use a customer-managed KMS key for encryption at rest. Without specifying a ‘kms_key_id’, you lose control over key management, including access and rotation policies.
Impact#
If the file system is not encrypted with a customer-managed key, sensitive data stored within could be less secure, increasing the risk of unauthorized access or data exposure. You may also be unable to enforce your organization’s compliance requirements for encryption key control and auditing.