More Info:

Ensure that all AWS Systems Manager (SSM) parameters that store sensitive information such as passwords, database strings and license codes are encrypted in order to meet security and compliance requirements. An encrypted SSM parameter (i.e. a configuration parameter with the type set to SecureString) is any sensitive data that needs to be stored and referenced in a secure manner. An encrypted SSM parameters can be used for the following scenarios:

Risk Level

Medium

Address

Security

Compliance Standards

HIPAA, GDPR, CISAWS, CBP

Triage and Remediation

Remediation

Using Console

Additional Reading: