Skip to main content

πŸ’Ό 7.3 Ensure That a Default Customer-Managed Encryption Key (CMEK) Is Specified for All BigQuery Data Sets - Level 2 (Automated)

  • Contextual name: πŸ’Ό 7.3 Ensure That a Default Customer-Managed Encryption Key (CMEK) Is Specified for All BigQuery Data Sets - Level 2 (Automated)
  • ID: /frameworks/cis-gcp-v2.0.0/07/03
  • Located in: πŸ’Ό 7 BigQuery

Description​

BigQuery by default encrypts the data as rest by employing Envelope Encryption using Google managed cryptographic keys. The data is encrypted using the data encryption keys and data encryption keys themselves are further encrypted using key encryption keys. This is seamless and do not require any additional input from the user. However, if you want to have greater control, Customer-managed encryption keys (CMEK) can be used as encryption key management solution for BigQuery Data Sets.

Similar​

  • Sections
    • /frameworks/cis-gcp-v3.0.0/07/03
    • /frameworks/cis-gcp-v1.3.0/07/03
  • Internal
    • ID: dec-c-d1a7909a

Similar Sections (Take Policies From)​

SectionSub SectionsInternal RulesPoliciesFlags
πŸ’Ό CIS GCP v1.3.0 β†’ πŸ’Ό 7.3 Ensure That a Default Customer-Managed Encryption Key (CMEK) Is Specified for All BigQuery Data Sets - Level 2 (Manual)1
πŸ’Ό CIS GCP v3.0.0 β†’ πŸ’Ό 7.3 Ensure That a Default Customer-Managed Encryption Key (CMEK) Is Specified for All BigQuery Data Sets - Level 2 (Automated)1

Similar Sections (Give Policies To)​

SectionSub SectionsInternal RulesPoliciesFlags
πŸ’Ό CIS GCP v1.3.0 β†’ πŸ’Ό 7.3 Ensure That a Default Customer-Managed Encryption Key (CMEK) Is Specified for All BigQuery Data Sets - Level 2 (Manual)1
πŸ’Ό CIS GCP v3.0.0 β†’ πŸ’Ό 7.3 Ensure That a Default Customer-Managed Encryption Key (CMEK) Is Specified for All BigQuery Data Sets - Level 2 (Automated)1

Sub Sections​

SectionSub SectionsInternal RulesPoliciesFlags

Policies (1)​

PolicyLogic CountFlags
πŸ“ Google BigQuery Dataset is not encrypted with Customer-Managed Encryption Key (CMEK) 🟒1🟒 x6