Control: AWS > NIST 800-53 > Logs > Log group encryption at rest should be enabled

To help protect sensitive data at rest, ensure encryption is enabled for your Amazon CloudWatch Log Group

Resource Types

This control targets the following resource types:

Control Type URI

tmod:@turbot/aws-nist-800-53#/control/types/logGroupEncryptionAtRestEnabled

Category URI

tmod:@turbot/turbot#/control/categories/complianceNist80053

GraphQL

query controlType(id: "tmod:@turbot/aws-nist-800-53#/control/types/logGroupEncryptionAtRestEnabled") { … }

query controls(filter: "controlTypeId:'tmod:@turbot/aws-nist-800-53#/control/types/logGroupEncryptionAtRestEnabled'") { … }

CLI

Get Controls

turbot graphql controls --filter "controlTypeId:tmod:@turbot/aws-nist-800-53#/control/types/logGroupEncryptionAtRestEnabled"