Question 1

Is backup_retention_period enforced for NIST Cybersecurity Framework v2.0?

Accepted Answer

Yes, The backup feature of AWS RDS creates backups of your databases and transaction logs.

Question 2

Is cloudwatch_log_group_kms_key_id enforced for NIST Cybersecurity Framework v2.0?

Accepted Answer

Yes, To help protect sensitive data at rest, ensure encryption is enabled for your AWS CloudWatch Log Group.

Question 3

Is cloudwatch_log_group_retention_in_days enforced for NIST Cybersecurity Framework v2.0?

Accepted Answer

Yes, Ensure a minimum duration of event log data is retained for your log groups to help with troubleshooting and forensics investigations.

Question 4

Is deletion_protection enforced for NIST Cybersecurity Framework v2.0?

Accepted Answer

Yes, Ensure AWS Relational Database Service (AWS RDS) instances have deletion protection enabled.

Question 5

Is monitoring_interval enforced for NIST Cybersecurity Framework v2.0?

Accepted Answer

Yes, Enable AWS Relational Database Service (AWS RDS) to help monitor AWS RDS availability. This provides detailed visibility into the health of your AWS RDS database instances.

Question 6

Is multi_az enforced for NIST Cybersecurity Framework v2.0?

Accepted Answer

Yes, Multi-AZ support in AWS Relational Database Service (AWS RDS) provides enhanced availability and durability for database instances.

Question 7

Is storage_encrypted enforced for NIST Cybersecurity Framework v2.0?

Accepted Answer

Yes, To help protect data at rest, ensure that encryption is enabled for your AWS Relational Database Service (AWS RDS) instances.

AWS RDS Terraform module

Terraform Module Source