πΌ CC6.1-10 Uses Encryption to Protect Data
- Contextual name: πΌ CC6.1-10 Uses Encryption to Protect Data
- ID:
/frameworks/soc-2/cc6/01/10 - Located in: πΌ CC6.1 The entity implements logical access security software, infrastructure, and architectures over protected information assets to protect them from security events to meet the entity's objectives.
Descriptionβ
The entity uses encryption to supplement other measures used to protect data-at-rest, when such protections are deemed appropriate based on assessed risk.
Similarβ
- Internal
- ID:
dec-c-46748ea9
- ID:
Sub Sectionsβ
| Section | Sub Sections | Internal Rules | Policies | Flags |
|---|
Policies (11)β
| Policy | Logic Count | Flags |
|---|---|---|
| π AWS Account EBS Volume Encryption Attribute is not enabled in all regions π’ | 1 | π’ x6 |
| π AWS EFS File System encryption is not enabled π’ | 1 | π’ x6 |
| π AWS KMS Symmetric CMK Rotation is not enabled π’ | 1 | π’ x6 |
| π AWS RDS Instance Encryption is not enabled π’ | 1 | π’ x6 |
| π Azure Unattached Managed Disk is not encrypted with Customer-managed key π’ | 1 | π’ x6 |
| π Azure Virtual Machine OS and Data disks are not encrypted with Customer-managed key π’ | 1 | π’ x6 |
| π Google BigQuery Dataset is not encrypted with Customer-Managed Encryption Key (CMEK) π’ | 1 | π’ x6 |
| π Google BigQuery Table is not encrypted with Customer-Managed Encryption Key (CMEK) π’ | 1 | π’ x6 |
| π Google Dataproc Cluster is not encrypted using Customer-Managed Encryption Key π’ | 1 | π’ x6 |
| π Google GCE Disk for critical VMs is not encrypted with Customer-Supplied Encryption Key (CSEK) π’ | 1 | π’ x6 |
| π Google GCE Instance Confidential Compute is not enabled π’ | 1 | π’ x6 |
Internal Rulesβ
| Rule | Policies | Flags |
|---|---|---|
| βοΈ dec-x-0bdcd276 | 1 | |
| βοΈ dec-x-4d6fee7a | 1 | |
| βοΈ dec-x-6ba5ecd2 | 1 | |
| βοΈ dec-x-9cdb7407 | 1 | |
| βοΈ dec-x-966d3183 | 1 | |
| βοΈ dec-x-f63fd4f0 | 1 |