Control: AWS > NIST 800-53 > CloudTrail > CloudTrail trail logs should be encrypted with KMS CMK

To help protect sensitive data at rest, ensure encryption is enabled for your Amazon CloudWatch Log Groups.

Resource Types

This control targets the following resource types:

Control Type URI

tmod:@turbot/aws-nist-800-53#/control/types/cloudTrailTrailLogsEncryptedWithKmsCmk

Category URI

tmod:@turbot/turbot#/control/categories/complianceNist80053

GraphQL

query controlType(id: "tmod:@turbot/aws-nist-800-53#/control/types/cloudTrailTrailLogsEncryptedWithKmsCmk") { … }

query controls(filter: "controlTypeId:'tmod:@turbot/aws-nist-800-53#/control/types/cloudTrailTrailLogsEncryptedWithKmsCmk'") { … }

CLI

Get Controls

turbot graphql controls --filter "controlTypeId:tmod:@turbot/aws-nist-800-53#/control/types/cloudTrailTrailLogsEncryptedWithKmsCmk"