Fixed incorrect description of a rego policy for RDS encryption

tenable · Feb 7, 2021 · 91c018a · 91c018a
1 parent dabcffb
commit 91c018a
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/pkg/policies/opa/rego/aws/aws_db_instance/AWS.RDS.DataSecurity.High.0414.json b/pkg/policies/opa/rego/aws/aws_db_instance/AWS.RDS.DataSecurity.High.0414.json
@@ -3,7 +3,7 @@
     "file": "rdsHasStorageEncrypted.rego",
     "template_args": null,
     "severity": "HIGH",
-    "description": "Ensure that your RDS database instances have automated backups enabled for point-in-time recovery. To back up your database instances, AWS RDS take automatically a full daily snapshot of your data (with transactions logs) during the specified backup window and keeps the backups for a limited period of time (known as retention period) defined by the instance owner.",
+    "description": "Ensure that your RDS database instances encrypt the underlying storage. Encrypted RDS instances use the industry standard AES-256 encryption algorithm to encrypt data on the server that hosts RDS DB instances. After data is encrypted, RDS handles authentication of access and descryption of data transparently with minimal impact on performance.",
     "reference_id": "AWS.RDS.DataSecurity.High.0414",
     "category": "Data Security",
     "version": 1