infrastructure
Encryption key access restricted
Privileged access to encryption keys restricted to authorized users with documented business need.
Passing • Critical Risk • Semi-Automated
Owner: Infrastructure Team
Last Tested: 10/6/2025
Test Frequency: Continuous
Maturity Level: Level 4 / 5
Framework Mappings
Evidence (6)
DynamoDB Tables encrypted (AWS)
Verifies that AWS provides encryption at rest of all data stored within DynamoDB by default.
DATA STORAGE•TEST
User data is encrypted at rest
This test checks that all Amazon RDS instances storing user data are encrypted at rest. Encryption at rest helps ensure sensitive data remains secure even if storage is compromised.
DATA STORAGE•TEST
Personnel computer hard disk encryption
This test verifies that all of the employees' workstations with Vanta Device Monitor installed have encrypted hard drives across macOS, Windows, and Linux platforms.
COMPUTERS•TEST
SSL/TLS on admin page of infrastructure console
This test confirms that all AWS service API endpoints enforce encryption via TLS (Transport Layer Security) by default. This ensures secure communication between your administrators and AWS infrastructure services.
MONITORING ALERTS•TEST
Encryption key access restricted
Please provide timestamped screenshots directly from the KMS showing the users who had access to the encryption keys during the audit period.
CUSTOM•EVIDENCE_REQUEST
Remote access encrypted enforced
Please provide a timestamped screenshot of the encryption configuration (e.g., SSL/TLS/VPN) used for accessing the production systems remotely.
CUSTOM•EVIDENCE_REQUEST
Related Policies
Control Information
- Control ID: encryption-key-access-restricted
- Category: INFRASTRUCTURE
- Family: infrastructure
- Last Updated: 10/6/2025