Key Management System (KMS)
AWS KMS (Key Management Service)
Overview
The AWS KMS integration (regscale aws sync_kms) assesses cryptographic controls (SC-12, SC-13, SC-28) and collects key management evidence from AWS Key Management Service.
Command Syntax
```bash
regscale aws sync_kms [OPTIONS]
```
Basic Usage
```bash
# Basic KMS compliance with evidence
regscale aws sync_kms --regscale_id 123 --collect-evidence

# Filter by tags and create issues
regscale aws sync_kms \
  --regscale_id 123 \
  --tags Environment=production \
  --create-issues \
  --create-poams

# Specific controls only
regscale aws sync_kms \
  --regscale_id 123 \
  --collect-evidence \
  --evidence-control-ids SC-12,SC-13,SC-28
```
NIST 800-53 Controls Assessed
- SC-12: Cryptographic Key Establishment and Management
- SC-13: Cryptographic Protection
- SC-28: Protection of Information at Rest
What Gets Created in RegScale
- Control Assessments: SC-12, SC-13, SC-28 pass/fail status
- Evidence: Key metadata, rotation status, key policies
- Issues: Keys without rotation enabled, weak key policies
- Assets: KMS keys as security control assets
Common Use Cases
FedRAMP Cryptographic Controls
```bash
regscale aws sync_kms \
  --regscale_id 123 \
  --collect-evidence \
  --evidence-control-ids SC-12,SC-13,SC-28 \
  --tags ATO=FedRAMP \
  --create-issues \
  --create-poams
```
Production Key Management Audit
```bash
regscale aws sync_kms \
  --regscale_id 123 \
  --tags Environment=production \
  --collect-evidence \
  --create-issues
```
Command Options
| Option | Description | Example |
|---|---|---|
| --regscale_id | Security Plan ID (required) | --regscale_id 123 |
| --collect-evidence | Collect KMS evidence | --collect-evidence |
| --evidence-control-ids | Specific controls | --evidence-control-ids SC-12,SC-13 |
| --tags | Filter by tags | --tags Env=prod |
| --create-issues | Create issues for failures | --create-issues |
| --create-poams | Mark issues as POAMs | --create-poams |
Best Practices
- Enable automatic key rotation for all customer-managed keys
- Tag KMS keys with compliance and ownership information
- Review key policies regularly for least privilege
- Link to SC controls in your Security Plan
- Schedule monthly assessments for key management compliance
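The two issue types named on this page (keys without rotation enabled, weak key policies) can be illustrated with a short offline check. This is an added example, not RegScale's code or its assessment logic: it runs over constructed records shaped like the AWS KMS DescribeKey, GetKeyRotationStatus and GetKeyPolicy responses, and the function names, the placeholder account ID 111122223333 and the reading of "weak" as an unconditioned wildcard principal are all assumptions.

```python
import json

def _key(key_id, manager, rotation, statements):
    return {"KeyMetadata": {"KeyId": key_id, "KeyManager": manager,
                            "KeySpec": "SYMMETRIC_DEFAULT", "Origin": "AWS_KMS"},
            "KeyRotationEnabled": rotation,
            "Policy": json.dumps({"Version": "2012-10-17", "Statement": statements})}

# Constructed sample data (not real keys), shaped like DescribeKey,
# GetKeyRotationStatus and GetKeyPolicy output merged into one record per key.
SAMPLE_KEYS = [
    _key("example-key-1", "CUSTOMER", False,
         [{"Effect": "Allow", "Principal": {"AWS": "*"}, "Action": "kms:*", "Resource": "*"}]),
    _key("example-key-2", "CUSTOMER", True,   # single-object Statement, scoped principal
         {"Effect": "Allow", "Principal": {"AWS": "arn:aws:iam::111122223333:root"},
          "Action": "kms:*", "Resource": "*"}),
    _key("example-key-3", "AWS", False,       # AWS-managed key, conditioned wildcard
         [{"Effect": "Allow", "Principal": "*", "Action": "kms:Decrypt", "Resource": "*",
           "Condition": {"StringEquals": {"kms:CallerAccount": "111122223333"}}}]),
]

def _as_list(value):
    return value if isinstance(value, list) else [value]

def rotation_finding(key):
    """True when a key eligible for automatic rotation has it turned off."""
    meta = key["KeyMetadata"]
    eligible = (meta["KeyManager"] == "CUSTOMER" and meta["KeySpec"] == "SYMMETRIC_DEFAULT"
                and meta["Origin"] == "AWS_KMS")
    return eligible and not key["KeyRotationEnabled"]

def wildcard_statements(key):
    """Indexes of Allow statements open to any principal with no Condition (assumed 'weak')."""
    hits = []
    for i, stmt in enumerate(_as_list(json.loads(key["Policy"]).get("Statement", []))):
        principal = stmt.get("Principal")
        aws = _as_list(principal.get("AWS", [])) if isinstance(principal, dict) else []
        open_to_all = principal == "*" or "*" in aws
        if stmt.get("Effect") == "Allow" and open_to_all and not stmt.get("Condition"):
            hits.append(i)
    return hits

def assess(keys):
    """Map KeyId -> list of findings; keys with no findings are omitted."""
    findings = {}
    for key in keys:
        issues = ["rotation-disabled"] if rotation_finding(key) else []
        issues += [f"wildcard-principal:statement[{i}]" for i in wildcard_statements(key)]
        if issues:
            findings[key["KeyMetadata"]["KeyId"]] = issues
    return findings
```

AWS-managed keys are skipped by the rotation check because their rotation is not under the customer's control, so only example-key-1 produces findings.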
