AWS prescriptive-guidance documentation change
Summary
Updated breadcrumb navigation links, fixed TLS protocol link spacing, standardized KMS terminology, added step numbering to headings, and clarified immutable storage usage.
Security assessment
Changes are editorial improvements and formatting adjustments without introducing new security concepts or addressing vulnerabilities. The added step numbers and 'immutable storage' clarification enhance existing security documentation but don't address specific vulnerabilities.
Diff
diff --git a/prescriptive-guidance/latest/security-best-practices/encrypt.md b/prescriptive-guidance/latest/security-best-practices/encrypt.md index 6270d9563..f43c5c26a 100644 --- a//prescriptive-guidance/latest/security-best-practices/encrypt.md +++ b//prescriptive-guidance/latest/security-best-practices/encrypt.md @@ -5 +5 @@ -[Documentation](/index.html)[AWS Prescriptive Guidance](https://aws.amazon.com/prescriptive-guidance/)[Top 10 security best practices for securing backups in AWS](welcome.html) +[Documentation](/index.html)[AWS Prescriptive Guidance](https://aws.amazon.com/prescriptive-guidance/)[Top 10 security best practices for securing backups in AWS](introduction.html) @@ -13 +13 @@ For example, if you configure overly permissive access control policies on your -To get the most from AWS Cloud encryption, encrypt data both in transit and at rest. To protect data in transit, AWS uses published API calls to access AWS Backup through the network using the [TLS protocol](https://aws.amazon.com/blogs/security/tls-1-2-to-become-the-minimum-for-all-aws-fips-endpoints/) to provide encryption between you, your application, and the AWS Backup service. To protect data at rest, you can use AWS cloud-native [AWS Key Management Service](https://aws.amazon.com/kms/) (AWS KMS) or [AWS CloudHSM](https://aws.amazon.com/cloudhsm/). A cloud-based hardware security model (HSM), AWS CloudHSM uses Advanced Encryption Standard (AES) with 256-bit keys (AES-256), a strong industry-adopted algorithm for encrypting data. Evaluate your data governance and regulatory requirements, and select the appropriate encryption service to encrypt your cloud data and backup vaults. +To get the most from AWS Cloud encryption, encrypt data both in transit and at rest. To protect data in transit, AWS uses published API calls to access AWS Backup through the network using the[ TLS protocol](https://aws.amazon.com/blogs/security/tls-1-2-to-become-the-minimum-for-all-aws-fips-endpoints/) to provide encryption between you, your application, and the AWS Backup service. To protect data at rest, you can use AWS cloud-native [AWS Key Management Service (KMS)](https://aws.amazon.com/kms/) or [AWS CloudHSM](https://aws.amazon.com/cloudhsm/). A cloud-based hardware security model (HSM), AWS CloudHSM uses Advanced Encryption Standard (AES) with 256-bit keys (AES-256), a strong industry-adopted algorithm for encrypting data. Evaluate your data governance and regulatory requirements, and select the appropriate encryption service to encrypt your cloud data and backup vaults. @@ -17 +17 @@ Encryption configuration differs depending on the resource type and backup opera -You can use [AWS KMS](https://aws.amazon.com/blogs/security/encrypt-global-data-client-side-with-aws-kms-multi-region-keys/) multi-Region keys to replicate keys from one Region into another. Multi-Region keys are designed to simplify encryption management when your encrypted data has to be copied into other Regions for disaster recovery. Evaluate the need to implement multi-Region AWS KMS keys as part of your overall backup strategy. +You can use [AWS KMS multi-Region keys](https://aws.amazon.com/blogs/security/encrypt-global-data-client-side-with-aws-kms-multi-region-keys/) to replicate keys from one Region into another. Multi-Region keys are designed to simplify encryption management when your encrypted data has to be copied into other Regions for disaster recovery. Evaluate the need to implement multi-Region AWS KMS keys as part of your overall backup strategy. @@ -25 +25 @@ To use the Amazon Web Services Documentation, Javascript must be enabled. Please -Access control mechanisms +Step 4. Implement access control mechanisms @@ -27 +27 @@ Access control mechanisms -Safeguard backups +Step 6. Safeguard backups using immutable storage