Data protection

Block volume is not encrypted with a customer managed key (CMK)

Risk Level

Informational (4)

  • N/A

Compliance Frameworks


Oracle Cloud Infrastructure Block Volume service lets you dynamically provision and manage block storage volumes. By default, the Oracle service manages the keys that encrypt this block volume. Block Volumes can also be encrypted using a customer-managed key. It was detected that the Block Volume {OciVolume.Name} is not encrypted with a customer-managed key (CMK). Management of encryption keys is critical to protecting and accessing protected data. Customers should identify block volumes encrypted with Oracle service managed keys and determine if they want to apply their own key lifecycle management to the selected block volumes.
  • Recommended Mitigation

    It is recommended to encrypt block volumes with a customer-managed key (CMK) in order to provide an additional level of security for your data.