Data Security Basics Policy

Open Raven provides a set of default Policy Sets. This is a list of Rules that check the most important data security issues.

Rule Name

Description

Personal & Privacy data is encrypted at rest

Encryption for data at rest should be enabled on any data store that has personal & privacy data.

Financial data encrypted at rest

Encryption for data at rest should be enabled on any data store that has financial data.

Health care data encrypted at rest

Encryption for data at rest should be enabled on any data store that has health care data.

Developers secrets encrypted at rest

Encryption for data at rest should be enabled on any data store that has developer secrets.

Personal & Privacy data is backed up and backups are encrypted

Backup should be enabled on any data store that has personal & privacy data.

Data stores with personal & privacy data are logging

Data stores with personal & privacy data should have logging enabled to record security events.

Open S3 buckets

S3 buckets should not be made public to the Internet.

MFA enabled

Multi-Factor Authentication should be required for all by admins access to any asset.