EncryptDataAtRestWithAead [rule] v0.1.0

Sensitive data at rest must be encrypted with an authenticated cipher mode (AEAD) — AES-256-GCM, ChaCha20-Poly1305, or AES-SIV. Never use raw AES-CBC, ECB, or any unauthenticated mode. The library and key-management story matter more than the cipher choice.

Checks

• Cipher: AES-256-GCM, ChaCha20-Poly1305, or AES-SIV. Reject AES-ECB, raw AES-CBC, RC4, DES, 3DES.
• Per-message random nonce of correct size (96 bits for GCM); never reuse a (key, nonce) pair.
• Authentication tag (16 bytes) verified on decrypt before any plaintext is used; reject on tag mismatch.
• Keys come from a managed source (KMS / HSM / vault); never hardcoded or committed to source control.
• Key rotation procedure exists and has been exercised.

Label

Use authenticated encryption (AEAD) for data at rest

EncryptDataAtRestWithAead [rule] v0.1.0

Sensitive data at rest must be encrypted with an authenticated cipher mode (AEAD) — AES-256-GCM, ChaCha20-Poly1305, or AES-SIV. Never use raw AES-CBC, ECB, or any unauthenticated mode. The library and key-management story matter more than the cipher choice.

Checks

• Cipher: AES-256-GCM, ChaCha20-Poly1305, or AES-SIV. Reject AES-ECB, raw AES-CBC, RC4, DES, 3DES.
• Per-message random nonce of correct size (96 bits for GCM); never reuse a (key, nonce) pair.
• Authentication tag (16 bytes) verified on decrypt before any plaintext is used; reject on tag mismatch.
• Keys come from a managed source (KMS / HSM / vault); never hardcoded or committed to source control.
• Key rotation procedure exists and has been exercised.

Label

Use authenticated encryption (AEAD) for data at rest

Label

Use authenticated encryption (AEAD) for data at rest