---
names:
  full: "Google GCE Instance Confidential Compute is not enabled"
  contextual: "Instance Confidential Compute is not enabled"
description: "Google Cloud encrypts data at-rest and in-transit, but customer data must be decrypted \
  for processing. Confidential Computing is a breakthrough technology which encrypts data in-use, while \
  it is being processed. Confidential Computing environments keep data encrypted in memory and elsewhere \
  outside the central processing unit (CPU).

  Confidential VMs leverage the Secure Encrypted Virtualization (SEV) feature of AMD EPYC™ CPUs. Customer \
  data will stay encrypted while it is used, indexed, queried, or trained on. Encryption keys are \
  generated in hardware, per VM, and not exportable. Thanks to built-in hardware optimizations of both \
  performance and security, there is no significant performance penalty to Confidential Computing workloads."
type: COMPLIANCE_POLICY
categories:
  - "SECURITY"
frameworkMappings:
  - /frameworks/cis-gcp-v4.0.0/04/11
  - /frameworks/cloudaware/resource-security/data-encryption
  - /frameworks/nist-sp-800-53-r5/ia/05
  - /frameworks/nist-sp-800-53-r5/sc/28
  - /frameworks/pci-dss-v4.0/03/01/01
  - /frameworks/pci-dss-v4.0/03/03/02
  - /frameworks/pci-dss-v4.0/03/03/03
  - /frameworks/pci-dss-v4.0/03/05/01
  - /frameworks/pci-dss-v4.0/03/05/01/02
  - /frameworks/pci-dss-v4.0/03/05/01/03
  - /frameworks/pci-dss-v4.0/08/03/02
  - /frameworks/iso-iec-27001-2022/05/33
  - /frameworks/nist-csf-v1.1/pr-ds/01
  - /frameworks/soc-2/cc6/01/10
  - /frameworks/soc-2/cc6/01/03
similarPolicies:
  cloudConformity:
    - url: "https://www.trendmicro.com/cloudoneconformity-staging/knowledge-base/gcp/ComputeEngine/confidential-computing.html"
      name: "Enable Confidential Computing for Virtual Machine Instances"