More Info:

AWS S3 buckets should be configured to use Server-Side Encryption with customer managed CMKs instead of S3-Managed Keys (SSE-S3) in order to obtain a fine-grained control over Amazon S3 data-at-rest encryption and decryption process.

Risk Level

Low

Address

Security

Compliance Standards

NIST, AWSWAF, HITRUST, SOC2, NISTCSF, PCIDSS

Triage and Remediation

Remediation

Using Console

Additional Reading: