docs.aws.amazon.com
Open in
urlscan Pro
13.33.88.70
Public Scan
Submitted URL: https://docs.aws.amazon.com/console/securityhub/Backup.1/remediation
Effective URL: https://docs.aws.amazon.com/securityhub/latest/userguide/backup-controls.html
Submission: On January 01 via api from SG — Scanned from SG
Effective URL: https://docs.aws.amazon.com/securityhub/latest/userguide/backup-controls.html
Submission: On January 01 via api from SG — Scanned from SG
Form analysis
0 forms found in the DOMText Content
SELECT YOUR COOKIE PREFERENCES We use essential cookies and similar tools that are necessary to provide our site and services. We use performance cookies to collect anonymous statistics so we can understand how customers use our site and make improvements. Essential cookies cannot be deactivated, but you can click “Customize cookies” to decline performance cookies. If you agree, AWS and approved third parties will also use cookies to provide useful site features, remember your preferences, and display relevant content, including relevant advertising. To continue without accepting these cookies, click “Continue without accepting.” To make more detailed choices or learn more, click “Customize cookies.” Accept all cookiesContinue without acceptingCustomize cookies CUSTOMIZE COOKIE PREFERENCES We use cookies and similar tools (collectively, "cookies") for the following purposes. ESSENTIAL Essential cookies are necessary to provide our site and services and cannot be deactivated. They are usually set in response to your actions on the site, such as setting your privacy preferences, signing in, or filling in forms. PERFORMANCE Performance cookies provide anonymous statistics about how customers navigate our site so we can improve site experience and performance. Approved third parties may perform analytics on our behalf, but they cannot use the data for their own purposes. Allow performance category Allowed FUNCTIONAL Functional cookies help us provide useful site features, remember your preferences, and display relevant content. Approved third parties may set these cookies to provide certain site features. If you do not allow these cookies, then some or all of these services may not function properly. Allow functional category Allowed ADVERTISING Advertising cookies may be set through our site by us or our advertising partners and help us deliver relevant marketing content. If you do not allow these cookies, you will experience less relevant advertising. Allow advertising category Allowed Blocking some types of cookies may impact your experience of our sites. You may review and change your choices at any time by clicking Cookie preferences in the footer of this site. We and selected third-parties use cookies or similar technologies as specified in the AWS Cookie Notice. CancelSave preferences UNABLE TO SAVE COOKIE PREFERENCES We will only store essential cookies at this time, because we were unable to save your cookie preferences. If you want to change your cookie preferences, try again later using the link in the AWS console footer, or contact support if the problem persists. Dismiss Contact Us English Create an AWS Account 1. AWS 2. ... 3. Documentation 4. AWS Security Hub 5. User Guide Feedback Preferences AWS SECURITY HUB USER GUIDE * What is AWS Security Hub? * Terminology and concepts * Prerequisites and recommendations * Enabling Security Hub * Central configuration * Start using central configuration * Choosing management type * How configuration policies work * Creating and associating configuration policies * Viewing configuration policies * Updating configuration policies * Deleting and disassociating configuration policies * In-context configuration * Stop using central configuration * Managing administrator and member accounts * Managing accounts with AWS Organizations * Integrating Security Hub with AWS Organizations * Enabling new accounts automatically * Enabling member accounts * Disassociating organization member accounts * Disabling integration with AWS Organizations * Managing accounts by invitation * Adding and inviting member accounts * Responding to an invitation * Disassociating member accounts * Deleting member accounts * Disassociating from your administrator account * Transitioning to AWS Organizations * Allowed actions for accounts * Restrictions and recommendations * Effect of account actions on Security Hub data * Cross-Region aggregation * Central configuration and cross-Region aggregation * Enabling cross-Region aggregation * Viewing cross-Region aggregation settings * Updating the configuration * Stopping cross-Region aggregation * Findings * Creating and updating findings * Using BatchImportFindings * Using BatchUpdateFindings * Viewing a cross-Region finding summary * Viewing finding lists and details * Filtering and grouping findings (console) * Viewing finding details * Taking action on findings * Setting the workflow status of findings * Sending findings to a custom action * Finding format * ASFF syntax * Consolidation and ASFF * ASFF examples * Required top-level attributes * Optional top-level attributes * Resources * Resource attributes * AwsAmazonMQ * AwsApiGateway * AwsAppSync * AwsAthena * AwsAutoScaling * AwsBackup * AwsCertificateManager * AwsCloudFormation * AwsCloudFront * AwsCloudTrail * AwsCloudWatch * AwsCodeBuild * AwsDms * AwsDynamoDB * AwsEc2 * AwsEcr * AwsEcs * AwsEfs * AwsEks * AwsElasticBeanstalk * AwsElasticSearch * AwsElb * AwsEventBridge * AwsGuardDuty * AwsIam * AwsKinesis * AwsKms * AwsLambda * AwsMsk * AwsNetworkFirewall * AwsOpenSearchService * AwsRds * AwsRedshift * AwsRoute53 * AwsS3 * AwsSageMaker * AwsSecretsManager * AwsSns * AwsSqs * AwsSsm * AwsStepFunctions * AwsWaf * AwsXray * Container * Other * Insights * Viewing and filtering the list of insights * Viewing insight results and findings * Managed insights * Custom insights * Automations * Automation rules * Automated response and remediation * Types of EventBridge integration * EventBridge event formats * Configuring a rule for automatically sent findings * Configuring and using custom actions * Product integrations * Managing product integrations * AWS service integrations * Third-party product integrations * Using custom product integrations * Standards and controls * IAM permissions for standards and controls * Security checks and scores * AWS Config rules and security checks * Required AWS Config resources for control findings * Schedule for running security checks * Generating and updating control findings * Determining the control status * Determining security scores * Standards reference * AWS FSBP * CIS AWS Foundations Benchmark v1.2.0 and v1.4.0 * NIST SP 800-53 Rev. 5 * PCI DSS * Service-managed standards * Service-Managed Standard: AWS Control Tower * Viewing and managing security standards * Enabling and disabling standards * Viewing details for a standard * Enabling and disabling controls in specific standards * Controls reference * AWS account controls * AWS Certificate Manager controls * API Gateway controls * AWS AppSync controls * Athena controls * AWS Backup controls * CloudFormation controls * CloudFront controls * CloudTrail controls * CloudWatch controls * CodeBuild controls * AWS Config controls * AWS DMS controls * Amazon DocumentDB controls * DynamoDB controls * Amazon ECR controls * Amazon ECS controls * Amazon EC2 controls * Amazon EC2 Auto Scaling controls * Amazon EC2 Systems Manager controls * Amazon EFS controls * Amazon EKS controls * ElastiCache controls * Elastic Beanstalk controls * Elastic Load Balancing controls * Amazon EMR controls * Elasticsearch controls * EventBridge controls * Amazon FSx controls * GuardDuty controls * IAM controls * Kinesis controls * AWS KMS controls * Lambda controls * Macie controls * Amazon MSK controls * Amazon MQ controls * Neptune controls * Network Firewall controls * OpenSearch Service controls * AWS Private Certificate Authority controls * Amazon RDS controls * Amazon Redshift controls * Route 53 controls * Amazon S3 controls * SageMaker controls * Secrets Manager controls * Amazon SNS controls * Amazon SQS controls * Step Functions controls * AWS WAF controls * Viewing and managing security controls * Control categories * Enabling and disabling controls in all standards * Enabling new controls in enabled standards automatically * Custom control parameters * Controls that you might want to disable * Viewing details for a control * Filtering and sorting controls * Viewing and taking action on control findings * Viewing finding and resource details * Sample control findings * Filtering and sorting findings * Taking action on control findings * Dashboard * Creating resources with CloudFormation * Subscribing to Security Hub announcements * Security * Data protection * AWS Identity and Access Management * How AWS Security Hub works with IAM * Using service-linked roles * AWS managed policies * Compliance validation * Infrastructure security * VPC endpoints (AWS PrivateLink) * Logging API calls * Tagging resources * Quotas * Security Hub Regional limits * Regional limits on controls * Disabling Security Hub * Controls change log * Document history AWS Backup controls - AWS Security Hub AWSDocumentationAWS Security HubUser Guide [Backup.1] AWS Backup recovery points should be encrypted at rest AWS BACKUP CONTROLS PDFRSS These controls are related to AWS Backup resources. These controls may not be available in all AWS Regions. For more information, see Availability of controls by Region. [BACKUP.1] AWS BACKUP RECOVERY POINTS SHOULD BE ENCRYPTED AT REST Related requirements: NIST.800-53.r5 CP-9(8), NIST.800-53.r5 SI-12 Category: Protect > Data protection > Encryption of data-at-rest Severity: Medium Resource type: AWS::Backup::RecoveryPoint AWS Config rule: backup-recovery-point-encrypted Schedule type: Change triggered Parameters: None This control checks if an AWS Backup recovery point is encrypted at rest. The control fails if the recovery point isn't encrypted at rest. An AWS Backup recovery point refers to a specific copy or snapshot of data that is created as part of a backup process. It represents a particular moment in time when the data was backed up and serves as a restore point in case the original data becomes lost, corrupted, or inaccessible. Encrypting the backup recovery points adds an extra layer of protection against unauthorized access. Encryption is a best practice to protect the confidentiality, integrity, and security of backup data. REMEDIATION To encrypt an AWS Backup recovery point, see Encryption for backups in AWS Backup in the AWS Backup Developer Guide. Javascript is disabled or is unavailable in your browser. To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions. Document Conventions Athena controls CloudFormation controls Did this page help you? - Yes Thanks for letting us know we're doing a good job! If you've got a moment, please tell us what we did right so we can do more of it. Did this page help you? - No Thanks for letting us know this page needs work. We're sorry we let you down. If you've got a moment, please tell us how we can make the documentation better. DID THIS PAGE HELP YOU? Yes No Provide feedback NEXT TOPIC: CloudFormation controls PREVIOUS TOPIC: Athena controls NEED HELP? * Connect with an AWS IQ expert PrivacySite termsCookie preferences © 2024, Amazon Web Services, Inc. or its affiliates. All rights reserved. ON THIS PAGE * [Backup.1] AWS Backup recovery points should be encrypted at rest DID THIS PAGE HELP YOU? - NO Thanks for letting us know this page needs work. We're sorry we let you down. If you've got a moment, please tell us how we can make the documentation better. Feedback INTRODUCING AMAZON Q Receive guidance, get troubleshooting tips, and learn about AWS services and capabilities.