💼 7.3 Ensure that a Default Customer-managed encryption key (CMEK) is specified for all BigQuery Data Sets - Level 2 (Automated | Roadmapped)

ID: /frameworks/cis-gcp-v1.2.0/07/03

Description

BigQuery by default encrypts the data as rest by employing Envelope Encryption using Google managed cryptographic keys. The data is encrypted using the data encryption keys and data encryption keys themselves are further encrypted using key encryption keys. This is seamless and do not require any additional input from the user. However, if you want to have greater control, Customer-managed encryption keys (CMEK) can be used as encryption key management solution for BigQuery Data Sets. Will be supported in the near future.

Similar

Sections
- /frameworks/cis-gcp-v1.3.0/07/03
Internal
- ID: dec-c-482320c0

Similar Sections (Take Policies From)

Section	Sub Sections	Internal Rules	Policies	Flags	Compliance
💼 CIS GCP v1.3.0 → 💼 7.3 Ensure That a Default Customer-Managed Encryption Key (CMEK) Is Specified for All BigQuery Data Sets - Level 2 (Manual)			1		no data

Similar Sections (Give Policies To)

Section	Sub Sections	Internal Rules	Policies	Flags	Compliance
💼 CIS GCP v1.3.0 → 💼 7.3 Ensure That a Default Customer-Managed Encryption Key (CMEK) Is Specified for All BigQuery Data Sets - Level 2 (Manual)			1		no data

Sub Sections

Section	Sub Sections	Internal Rules	Policies	Flags	Compliance

Policies (1)

Policy	Logic Count	Flags	Compliance
🛡️ Google BigQuery Dataset is not encrypted with Customer-Managed Encryption Key (CMEK)🟢	1	🟢 x6	no data

Description​

Similar​

Similar Sections (Take Policies From)​

Similar Sections (Give Policies To)​

Sub Sections​

Policies (1)​