AWS-KMS-custom-key-stores-connected-to-cloudHSM
Severity: High
Description: This control ensures that all custom key stores are connected to their associated CloudHSM cluster. Custom key stores can be used when more control is required over the storage of the key material of an AWS KMS CMK. A custom key store is backed by Hardware Security Modules (HSMs) that are used for creating and storing cryptographic key material. These HSMs are part of an AWS CloudHSM cluster, and the custom key store needs to be connected to the CloudHSM cluster to function as intended.
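One way to evaluate this control against the output of the KMS DescribeCustomKeyStores API, as an added example that is not part of the original control text or the vendor's own check. The sample records and the helper names (find_disconnected, list_custom_key_stores) are constructed for illustration, and skipping external key stores is an assumption of this example, made because they are not backed by a CloudHSM cluster.

```python
import json

# Constructed sample shaped like a DescribeCustomKeyStores response (not real IDs).
SAMPLE_RESPONSE = {"CustomKeyStores": [
    {"CustomKeyStoreId": "cks-example0000000001", "CustomKeyStoreName": "prod-store",
     "CustomKeyStoreType": "AWS_CLOUDHSM", "CloudHsmClusterId": "cluster-example0001",
     "ConnectionState": "CONNECTED"},
    {"CustomKeyStoreId": "cks-example0000000002", "CustomKeyStoreName": "dr-store",
     "CustomKeyStoreType": "AWS_CLOUDHSM", "CloudHsmClusterId": "cluster-example0002",
     "ConnectionState": "FAILED", "ConnectionErrorCode": "INVALID_CREDENTIALS"},
    {"CustomKeyStoreId": "cks-example0000000003", "CustomKeyStoreName": "xks-store",
     "CustomKeyStoreType": "EXTERNAL_KEY_STORE", "ConnectionState": "DISCONNECTED"},
]}

def find_disconnected(stores):
    """Return one finding per CloudHSM-backed key store that is not CONNECTED."""
    findings = []
    for store in stores:
        # Assumption: external key stores are out of scope for this control.
        if store.get("CustomKeyStoreType") == "EXTERNAL_KEY_STORE":
            continue
        state = store.get("ConnectionState", "UNKNOWN")
        if state != "CONNECTED":
            findings.append({
                "id": store.get("CustomKeyStoreId"),
                "name": store.get("CustomKeyStoreName"),
                "cluster": store.get("CloudHsmClusterId"),
                "state": state,
                # Only present when the last connection attempt failed.
                "error": store.get("ConnectionErrorCode"),
            })
    return findings

def list_custom_key_stores(kms):
    """Collect every page of describe_custom_key_stores from a boto3 KMS client."""
    stores, marker = [], None
    while True:
        kwargs = {"Marker": marker} if marker else {}
        page = kms.describe_custom_key_stores(**kwargs)
        stores.extend(page.get("CustomKeyStores", []))
        if not page.get("Truncated"):
            return stores
        marker = page["NextMarker"]

if __name__ == "__main__":
    # Offline run over the constructed sample; against a real account, pass
    # list_custom_key_stores(boto3.client("kms")) to find_disconnected instead.
    for finding in find_disconnected(SAMPLE_RESPONSE["CustomKeyStores"]):
        print(json.dumps(finding))
```

Transitional states (CONNECTING, DISCONNECTING) are reported as findings here, so a scheduled run may flag a store that is mid-reconnect.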
Remediation Steps:
Important:
Reference:
Blue Hexagon Proprietary