Property
Language: hcl
Severity: medium
CWE: CWE-320: CWE CATEGORY: Key Management Errors
OWASP: A03:2017 - Sensitive Data Exposure
Confidence Level: Medium
Impact Level: Medium
Likelihood Level: Medium

Description

The EFS filesystem is encrypted at rest but does not use a customer-managed KMS key (CMK). Without a CMK, you cannot control key rotation or access policies for your data encryption.

Impact

If a customer-managed KMS key is not used, you lose granular control over who can access or manage the encryption keys. This increases the risk of unauthorized data access, limits your ability to meet compliance requirements, and may make it harder to respond to key compromise or rotation needs.
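The Terraform below is an added example, not taken from the rule's own documentation. It shows the pattern described above next to a corrected form, on the assumption that the rule keys on a missing `kms_key_id`; all resource names, tokens and the alias are constructed for illustration.

```hcl
# Flagged pattern: encryption at rest is on, but no key is named,
# so EFS uses the AWS-managed key (aws/elasticfilesystem).
# Rotation and the key policy of that key are outside your control.
resource "aws_efs_file_system" "flagged" {
  creation_token = "example-flagged" # constructed name
  encrypted      = true
  # kms_key_id is absent
}

# Corrected pattern: a customer-managed key (CMK) that you own.
resource "aws_kms_key" "efs" {
  description             = "CMK for EFS encryption at rest"
  enable_key_rotation     = true # automatic rotation of key material
  deletion_window_in_days = 30   # waiting period before a scheduled deletion takes effect
  # With no explicit policy the default key policy applies; attach your own
  # key policy here to restrict who may use or administer the key.
}

# An alias keeps the key identifiable in the console and in audit logs.
resource "aws_kms_alias" "efs" {
  name          = "alias/example-efs" # constructed alias
  target_key_id = aws_kms_key.efs.key_id
}

resource "aws_efs_file_system" "corrected" {
  creation_token = "example-corrected" # constructed name
  encrypted      = true
  kms_key_id     = aws_kms_key.efs.arn # EFS expects the key ARN
}
```

The KMS key of an existing EFS filesystem cannot be changed in place, so setting `kms_key_id` on a deployed resource makes Terraform plan a replacement; migrate the data to the new filesystem before destroying the old one.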