AWS securityagent documentation change
Summary
Updated data protection documentation to specify default encryption and add support for customer managed keys (CMKs) with links to new documentation.
Security assessment
Enhances security documentation by introducing customer managed key support for encryption, giving users more control over data protection, but no concrete evidence of addressing a specific security issue.
Diff
diff --git a/securityagent/latest/userguide/data-protection.md b/securityagent/latest/userguide/data-protection.md index fa428ba65..a3dabbd80 100644 --- a//securityagent/latest/userguide/data-protection.md +++ b//securityagent/latest/userguide/data-protection.md @@ -32 +32 @@ We strongly recommend that you never put confidential or sensitive information, -AWS Security Agent encrypts all data at rest using AWS-managed encryption keys. This includes: +AWS Security Agent encrypts all data at rest using AWS-managed encryption keys by default. This includes: @@ -45 +45 @@ AWS Security Agent encrypts all data at rest using AWS-managed encryption keys. -AWS Security Agent uses AWS Key Management Service (AWS KMS) to manage encryption keys. You cannot use customer managed keys for AWS Security Agent at this time. +AWS Security Agent uses AWS Key Management Service (AWS KMS) to manage encryption keys. You can optionally use a customer managed key to encrypt your data, giving you full control over the encryption keys that protect your resources. For more information, see [Customer managed keys for AWS Security Agent](./customer-managed-keys.html). @@ -64 +64 @@ AWS Security Agent encrypts all data in transit using Transport Layer Security ( -AWS Security Agent uses AWS Key Management Service (AWS KMS) to manage encryption keys. You cannot use customer managed keys for AWS Security Agent at this time. +AWS Security Agent uses AWS Key Management Service (AWS KMS) to manage encryption keys. By default, data is encrypted using AWS-managed keys. You can optionally specify a customer managed key when creating resources such as Agent Spaces and integrations. For more information, see [Customer managed keys for AWS Security Agent](./customer-managed-keys.html).