Ensure that the data stored on Machine Learning (ML) storage volumes attached to your AWS SageMaker notebook instances is encrypted in order to meet regulatory requirements and protect your SageMaker data at rest. SageMaker is a fully-managed AWS service that enables developers and data engineers to quickly and easily build, train and deploy machine learning models at any scale. An AWS SageMaker notebook instance is a fully managed ML instance that is running the Jupyter Notebook open-source web application.
This rule can help you with the following compliance standards:
- Payment Card Industry Data Security Standard (PCI DSS)
- Health Insurance Portability and Accountability Act (HIPAA)
- General Data Protection Regulation (GDPR)
- NIST 800-53 (Rev. 4)
This rule can help you work with the AWS Well-Architected Framework
This rule resolution is part of the Cloud Conformity Security & Compliance tool for AWS
When working with sensitive or private data such as Personally Identifiable Information (PII), it is strongly recommended to implement encryption at rest in order to protect your data from unauthorized entities and fulfill any compliance requirements strictly defined within your organization.
To determine if your Amazon SageMaker instance storage volumes are using encryption, perform the following actions:
Remediation / Resolution
To enable data encryption for an existing AWS SageMaker notebook instance, you must re-create that notebook instance with the necessary encryption configuration. To launch your new SageMaker notebook instance, enable data-at-rest encryption and copy your existing data to it, perform the following actions:
Unlock the Remediation Steps
Free 30-day Trial
Automatically audit your configurations with Conformity
and gain access to our cloud security platform.
You are auditing:
Notebook Data Encrypted
Risk level: High