DRHCSEC06-BP02 Control access to locations where AWS Outposts are deployed using systems like keys and biometrics - Data Residency and Hybrid Cloud Lens

This practice verifies that only authorized personnel can gain physical access to AWS Outposts racks or servers.

Desired outcome: Reduced risk of data stored on Outposts becoming unreadable due to lack of access to the encryption key.

Common anti-patterns:

  • Uncontrolled or untraceable physical access to the Outpost

Benefits of establishing this best practice: Reduce security risk by minimizing the ability to physically interact with the hardware.

Level of risk exposed if this best practice is not established: High

Implementation guidance

  • Controlling physical access to AWS Outposts racks and servers is particularly important because the Nitro Security Key (NSK) plays a key role in encryption at rest and the protection of data. As a result, purposeful or inadvertent destruction of the NSK can lead to irrevocable loss of customer data. For a deeper understanding of the AWS Nitro System and how the NSK fits into it, see The components of the Nitro System.

  • Review the Tamper monitoring on AWS Outposts equipment section of the AWS User Guide for Outposts Racks.

  • Maintain video surveillance of access points to locations where AWS Outposts are deployed so that physical access can be monitored and made available for event forensics.

Resources

Related documentation: