---
names:
  full: "Google Dataproc Cluster is not encrypted using Customer-Managed Encryption Key"
  contextual: "Cluster is not encrypted using Customer-Managed Encryption Key"
description: "When you use Dataproc, cluster and job data is stored on Persistent Disks (PDs) \
  associated with the Compute Engine VMs in your cluster and in a Cloud Storage staging bucket. \
  This PD and bucket data is encrypted using a Google-generated data encryption key (DEK) and \
  key encryption key (KEK). The CMEK feature allows you to create, use, and revoke the key \
  encryption key (KEK). Google still controls the data encryption key (DEK)."
type: COMPLIANCE_POLICY
categories:
  - "SECURITY"
frameworkMappings:
  - /frameworks/cis-gcp-v3.0.0/08/01
  - /frameworks/cloudaware/resource-security/data-encryption
  - /frameworks/nist-sp-800-53-r5/ia/05
  - /frameworks/nist-sp-800-53-r5/sc/28
  - /frameworks/pci-dss-v4.0/03/01/01
  - /frameworks/pci-dss-v4.0/03/03/02
  - /frameworks/pci-dss-v4.0/03/03/03
  - /frameworks/pci-dss-v4.0/03/05/01
  - /frameworks/pci-dss-v4.0/03/05/01/02
  - /frameworks/pci-dss-v4.0/03/05/01/03
  - /frameworks/pci-dss-v4.0/08/03/02
  - /frameworks/iso-iec-27001-2022/05/33
  - /frameworks/nist-csf-v1.1/pr-ds/01
  - /frameworks/soc-2/cc6/01/10
  - /frameworks/soc-2/cc6/01/03
similarPolicies:
  cloudConformity:
    - url: "https://www.trendmicro.com/cloudoneconformity/knowledge-base/gcp/Dataproc/enable-encryption-with-cmks-for-dataproc-clusters.html"
      name: "Enable Dataproc Cluster Encryption with Customer-Managed Keys"