Data protection

Block volume is not encrypted with a customer managed key (CMK)

Platform(s)
  • Oracle Cloud Infrastructure

Compliance Frameworks
  • coppa
  • ,
  • CPRA
  • ,
  • Data Security Posture Management (DSPM) Best Practices
  • ,
  • iso_27001_2022
  • ,
  • iso_27002_2022
  • ,
  • Mitre ATT&CK
  • ,
  • mpa
  • ,
  • NIST 800-171
  • ,
  • OCI CIS
  • ,
  • PDPA
  • ,
  • pipeda

Description

Oracle Cloud Infrastructure Block Volume service lets you dynamically provision and manage block storage volumes. By default, the Oracle service manages the keys that encrypt this block volume. Block Volumes can also be encrypted using a customer-managed key to create an additional level of security. It was detected that the Block Volume {OciVolume.Name} is not encrypted with a customer-managed key (CMK). Management of encryption keys is critical to protecting and accessing protected data.