diff --git a/cloud/aws/firehose/firehose-server-destination-encryption.yaml b/cloud/aws/firehose/firehose-server-destination-encryption.yaml
new file mode 100644
index 0000000000..8f13ac7c63
--- /dev/null
+++ b/cloud/aws/firehose/firehose-server-destination-encryption.yaml
@@ -0,0 +1,58 @@
+id: firehose-server-destination-encryption
+
+info:
+  name: Firehose Delivery Stream Destination Encryption - Disabled
+  author: DhiyaneshDK
+  severity: medium
+  description: |
+    Ensure that your Kinesis Firehose delivery stream data records are encrypted at destination (i.e. Amazon S3) in order to meet regulatory requirements and protect your Firehose data at rest.
+  impact: |
+    Disabling encryption for Firehose delivery stream destinations can lead to sensitive data being stored unencrypted, increasing the risk of data exposure and unauthorized access.
+  remediation: |
+    Enable encryption for Firehose delivery stream destinations to ensure that all data is encrypted at rest, safeguarding sensitive information from unauthorized access and potential data breaches.
+  reference:
+    - https://www.trendmicro.com/cloudoneconformity-staging/knowledge-base/aws/Firehose/delivery-stream-destination-encryption.html
+    - https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingKMSEncryption.html
+  tags: cloud,devops,aws,amazon,firehose,aws-cloud-config
+
+variables:
+  region: "us-west-2"
+
+flow: |
+  code(1)
+  for(let DeliveryStreamNames of iterate(template.deliverys)){
+    set("delivery", DeliveryStreamNames)
+    code(2)
+  }
+
+self-contained: true
+
+code:
+  - engine:
+      - sh
+      - bash
+    source: |
+      aws firehose list-delivery-streams --region $region --query 'DeliveryStreamNames' --output json
+
+    extractors:
+      - type: json
+        name: deliverys
+        internal: true
+        json:
+          - '.[]'
+
+  - engine:
+      - sh
+      - bash
+    source: |
+        aws firehose describe-delivery-stream --region $region --delivery-stream-name $delivery --query 'DeliveryStreamDescription.Destinations[*].ExtendedS3DestinationDescription.EncryptionConfiguration' --output json
+
+    matchers:
+      - type: word
+        words:
+          - "NoEncryption"
+
+    extractors:
+      - type: dsl
+        dsl:
+          - '"Firehose Delivery Stream Destination " + delivery + " Encryption is Disabled"'
\ No newline at end of file
diff --git a/cloud/aws/firehose/firehose-server-side-encryption.yaml b/cloud/aws/firehose/firehose-server-side-encryption.yaml
new file mode 100644
index 0000000000..d4d4eb12d0
--- /dev/null
+++ b/cloud/aws/firehose/firehose-server-side-encryption.yaml
@@ -0,0 +1,58 @@
+id: firehose-server-side-encryption
+
+info:
+  name: Firehose Delivery Stream Server-Side Encryption - Disabled
+  author: DhiyaneshDK
+  severity: high
+  description: |
+    Ensure that your Amazon Kinesis Data Firehose delivery streams are encrypted using Server-Side Encryption.
+  impact: |
+    Disabling server-side encryption for Firehose delivery streams can result in unencrypted data being stored, exposing sensitive information to unauthorized access and increasing the risk of data breaches.
+  remediation: |
+    Enable server-side encryption for Firehose delivery streams to ensure that data is securely encrypted at rest, protecting sensitive information from unauthorized access.
+  reference:
+    - https://www.trendmicro.com/cloudoneconformity-staging/knowledge-base/aws/Firehose/delivery-stream-encrypted-with-kms-customer-master-keys.html
+    - https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingKMSEncryption.html
+  tags: cloud,devops,aws,amazon,firehose,aws-cloud-config
+
+variables:
+  region: "us-west-2"
+
+flow: |
+  code(1)
+  for(let DeliveryStreamNames of iterate(template.deliverys)){
+    set("delivery", DeliveryStreamNames)
+    code(2)
+  }
+
+self-contained: true
+
+code:
+  - engine:
+      - sh
+      - bash
+    source: |
+      aws firehose list-delivery-streams --region $region --query 'DeliveryStreamNames' --output json
+
+    extractors:
+      - type: json
+        name: deliverys
+        internal: true
+        json:
+          - '.[]'
+
+  - engine:
+      - sh
+      - bash
+    source: |
+        aws firehose describe-delivery-stream --region $region --delivery-stream-name $delivery --query 'DeliveryStreamDescription.DeliveryStreamEncryptionConfiguration.KeyType' --output json
+
+    matchers:
+      - type: word
+        words:
+          - "null"
+
+    extractors:
+      - type: dsl
+        dsl:
+          - '"Firehose delivery stream " + delivery + " is not encrypted using SSE"'
\ No newline at end of file