---
names: 
  full: "Google BigQuery Dataset is not encrypted with Customer-Managed Encryption Key (CMEK)"
  contextual: "Dataset is not encrypted with Customer-Managed Encryption Key (CMEK)"
description: "BigQuery by default encrypts the data as rest by employing Envelope Encryption using \
 Google managed cryptographic keys. The data is encrypted using the data encryption keys \ 
 and data encryption keys themselves are further encrypted using key encryption keys. \ 
 This is seamless and do not require any additional input from the user. However, if you want \ 
 to have greater control, Customer-managed encryption keys (CMEK) can be used as encryption key \ 
 management solution for BigQuery Data Sets."
type: COMPLIANCE_POLICY
categories:
  - "SECURITY"
frameworkMappings:
  - /frameworks/cis-gcp-v4.0.0/07/03
  - /frameworks/cloudaware/resource-security/data-encryption
  - /frameworks/nist-sp-800-53-r5/ia/05
  - /frameworks/nist-sp-800-53-r5/sc/28
  - /frameworks/pci-dss-v4.0/03/01/01
  - /frameworks/pci-dss-v4.0/03/03/02
  - /frameworks/pci-dss-v4.0/03/03/03
  - /frameworks/pci-dss-v4.0/03/05/01
  - /frameworks/pci-dss-v4.0/03/05/01/02
  - /frameworks/pci-dss-v4.0/03/05/01/03
  - /frameworks/pci-dss-v4.0/08/03/02
  - /frameworks/iso-iec-27001-2022/05/33
  - /frameworks/nist-csf-v1.1/pr-ds/01
  - /frameworks/soc-2/cc6/01/03
  - /frameworks/soc-2/cc6/01/10
similarPolicies:
  cloudConformity:
    - url: "https://www.trendmicro.com/cloudoneconformity/knowledge-base/gcp/BigQuery/dataset-encryption-cmek.html"
      name: "Enable BigQuery Dataset Encryption with Customer-Managed Encryption Keys"