---
title: MSK clusters should use ZooKeeper TLS and security groups
description: Datadog, the leading service for cloud-scale monitoring.
---

# MSK clusters should use ZooKeeper TLS and security groups
 
## Description{% #description %}

ZooKeeper nodes for MSK clusters should use TLS and be protected by security groups. TLS protects ZooKeeper traffic in transit, and security groups restrict access to approved network paths.

## Remediation{% #remediation %}

Enable ZooKeeper TLS and associate security groups with the broker node group. For guidance, refer to [MSK cluster security settings](https://docs.aws.amazon.com/msk/latest/developerguide/msk-update-security.html).
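
One way to test both conditions against cluster metadata, as an added example (not Datadog's rule logic or AWS code): it assumes the MSK `ClusterInfo` fields `ZookeeperConnectStringTls` and `BrokerNodeGroupInfo.SecurityGroups` are the signals to check, and the cluster names, hosts and group IDs are constructed.

```python
# Constructed samples shaped like MSK ClusterInfo objects; names, hosts and
# security group IDs are placeholders, not real resources.
SAMPLE_CLUSTERS = [
    {   # shape returned by `aws kafka describe-cluster`
        "ClusterName": "example-compliant",
        "BrokerNodeGroupInfo": {"SecurityGroups": ["sg-0123456789abcdef0"]},
        "ZookeeperConnectString": "z-1.example.internal:2181",
        "ZookeeperConnectStringTls": "z-1.example.internal:2182",
    },
    {   # plaintext ZooKeeper endpoint only
        "ClusterName": "example-no-tls",
        "BrokerNodeGroupInfo": {"SecurityGroups": ["sg-0123456789abcdef0"]},
        "ZookeeperConnectString": "z-1.example.internal:2181",
    },
    {   # shape returned by `aws kafka describe-cluster-v2` (fields under "Provisioned")
        "ClusterName": "example-no-sg-v2",
        "Provisioned": {
            "BrokerNodeGroupInfo": {"SecurityGroups": []},
            "ZookeeperConnectStringTls": "z-1.example.internal:2182",
        },
    },
]


def zookeeper_findings(cluster):
    """Return the reasons a cluster fails the check; an empty list means pass."""
    body = cluster.get("Provisioned", cluster)  # accept either API shape
    findings = []
    # Assumption: a missing or empty TLS connect string means ZooKeeper TLS is off.
    tls = body.get("ZookeeperConnectStringTls") or ""
    if not [e for e in tls.split(",") if e.strip()]:
        findings.append("no ZooKeeper TLS connection string")
    groups = (body.get("BrokerNodeGroupInfo") or {}).get("SecurityGroups") or []
    if not groups:
        findings.append("no security groups on the broker node group")
    return findings


def evaluate(clusters):
    """Map each cluster name to its list of findings."""
    return {c["ClusterName"]: zookeeper_findings(c) for c in clusters}


if __name__ == "__main__":
    for name, findings in evaluate(SAMPLE_CLUSTERS).items():
        print(name, "PASS" if not findings else "FAIL: " + "; ".join(findings))
```

To run it on real data, replace `SAMPLE_CLUSTERS` with the `ClusterInfo` objects parsed from the CLI's JSON output.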
