diff --git a/avd_docs/aws/efs/AVD-AWS-0194/docs.md b/avd_docs/aws/efs/AVD-AWS-0194/docs.md new file mode 100644 index 000000000..e00635ac8 --- /dev/null +++ b/avd_docs/aws/efs/AVD-AWS-0194/docs.md @@ -0,0 +1,13 @@ + +Ensures that EFS volumes are encrypted at rest + +### Impact + + + +{{ remediationActions }} + +### Links +- https://docs.aws.amazon.com/efs/latest/ug/encryption.html + + diff --git a/avd_docs/kubernetes/general/AVD-KSV-01010/docs.md b/avd_docs/kubernetes/general/AVD-KSV-01010/docs.md index 1cee68f20..f69f12cad 100644 --- a/avd_docs/kubernetes/general/AVD-KSV-01010/docs.md +++ b/avd_docs/kubernetes/general/AVD-KSV-01010/docs.md @@ -2,7 +2,7 @@ Storing sensitive content such as usernames and email addresses in configMaps is unsafe ### Impact -Unsafe storage of sensitive content in configMaps could lead to the information being compromised. + {{ remediationActions }} diff --git a/avd_docs/kubernetes/general/AVD-KSV-0107/docs.md b/avd_docs/kubernetes/general/AVD-KSV-0107/docs.md index e8258523c..6af76b2a2 100644 --- a/avd_docs/kubernetes/general/AVD-KSV-0107/docs.md +++ b/avd_docs/kubernetes/general/AVD-KSV-0107/docs.md @@ -1,5 +1,5 @@ -apiVersion and kind has been deprecated +apiVersion '' and kind '' has been deprecated on: '' and planned for removal on:'' ### Impact @@ -7,4 +7,7 @@ apiVersion and kind has been deprecated {{ remediationActions }} +### Links +- + diff --git a/avd_docs/kubernetes/general/AVD-KSV-0108/docs.md b/avd_docs/kubernetes/general/AVD-KSV-0108/docs.md index 8d55a3498..9c1e77234 100644 --- a/avd_docs/kubernetes/general/AVD-KSV-0108/docs.md +++ b/avd_docs/kubernetes/general/AVD-KSV-0108/docs.md 
@@ -2,8 +2,8 @@ Services with external IP addresses allows direct access from the internet and might expose risk for CVE-2020-8554 ### Impact -Kubernetes API server in all versions allow an attacker who is able to create a ClusterIP service and set the spec.externalIPs field, to intercept traffic to that IP address. Additionally, an attacker who is able to patch the status (which is considered a privileged operation and should not typically be granted to users) of a LoadBalancer service can set the status.loadBalancer.ingress.ip to similar effect. -https://www.cvedetails.com/cve/CVE-2020-8554/ + + {{ remediationActions }} diff --git a/avd_docs/kubernetes/general/AVD-KSV-0109/docs.md b/avd_docs/kubernetes/general/AVD-KSV-0109/docs.md index d215353f0..70bba0fb1 100644 --- a/avd_docs/kubernetes/general/AVD-KSV-0109/docs.md +++ b/avd_docs/kubernetes/general/AVD-KSV-0109/docs.md @@ -2,7 +2,7 @@ Storing secrets in configMaps is unsafe ### Impact -Unsafe storage of secret content in configMaps could lead to the information being compromised. + {{ remediationActions }} diff --git a/internal/rules/policies/cloud/policies/aws/efs/enable_at_rest_encryption.rego b/internal/rules/policies/cloud/policies/aws/efs/enable_at_rest_encryption.rego new file mode 100644 index 000000000..009a0ad46 --- /dev/null +++ b/internal/rules/policies/cloud/policies/aws/efs/enable_at_rest_encryption.rego 
@@ -0,0 +1,25 @@
+# METADATA
+# title: "EFS Encryption Enabled"
+# description: "Ensures that EFS volumes are encrypted at rest"
+# scope: package
+# schemas:
+# - input: schema.input
+# related_resources:
+# - https://docs.aws.amazon.com/efs/latest/ug/encryption.html
+# custom:
+# avd_id: AVD-AWS-0194
+# provider: aws
+# service: efs
+# severity: HIGH
+# short_code: enable-at-rest-encryption
+# recommended_action: "Encryption of data at rest can only be enabled during file system creation. Encryption of data in transit is configured when mounting your file system. 1. Backup your data in not encrypted efs 2. Recreate the EFS and select \'Enable encryption of data at rest\'"
+# input:
+# selector:
+# - type: cloud
+package builtin.aws.efs.aws0193
+
+deny[res] {
+ fs := input.aws.efs.filesystems[_]
+ not fs.encrypted.value
+ res := result.new("File system is not encrypted.", fs.encrypted)
+}
\ No newline at end of file
diff --git a/internal/rules/policies/cloud/policies/aws/efs/enable_at_rest_encryption_test.rego b/internal/rules/policies/cloud/policies/aws/efs/enable_at_rest_encryption_test.rego
new file mode 100644
index 000000000..f54505dc2
--- /dev/null
+++ b/internal/rules/policies/cloud/policies/aws/efs/enable_at_rest_encryption_test.rego
@@ -0,0 +1,11 @@
+package builtin.aws.efs.aws0193
+
+test_detects_when_decrypted {
+ r := deny with input as {"aws": {"efs": {"filesystems": [{"encrypted": {"value": false}}]}}}
+ count(r) == 1
+}
+
+test_when_encrypted {
+ r := deny with input as {"aws": {"efs": {"filesystems": [{"encrypted": {"value": true}}]}}}
+ count(r) == 0
+}
\ No newline at end of file
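Review bot: The package line `package builtin.aws.efs.aws0193` does not match the metadata's `avd_id: AVD-AWS-0194` declared a few lines above it in the same hunk; if the package suffix is meant to mirror the AVD id, it should read `package builtin.aws.efs.aws0194`, with the test file's package line changed to match, and it is worth confirming before merge that `aws0193` is not already taken by another efs rule. Separately, the `recommended_action` value uses `\'`, which is not an escape sequence YAML defines for double-quoted scalars, so a strict metadata parser may reject the block; plain single quotes inside the double-quoted string, `select 'Enable encryption of data at rest'`, need no escaping. The sentence about encryption in transit in that same string is unrelated to an at-rest check and could be dropped.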
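Review bot: The two tests only cover `encrypted.value` being `false` or `true`; a filesystem with no `encrypted` field at all is not exercised, and because the rule passes `fs.encrypted` to `result.new`, the body is presumably undefined for that input and produces no finding, so missing metadata would silently pass. A third test pinning whichever outcome is intended, `r := deny with input as {"aws": {"efs": {"filesystems": [{}]}}}` followed by an explicit `count(r)` assertion, would make that handling visible and catch a later change to it. The name `test_detects_when_decrypted` also reads oddly, since the fixture is an unencrypted filesystem rather than a decrypted one; `test_detects_when_unencrypted` says what it checks.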