Data protection

Boot volume is not encrypted with a customer managed key (CMK)

Risk Level

Informational (4)

Compliance Frameworks

  • N/A

When you launch a virtual machine (VM) or bare metal instance based on a platform image or custom image, a new boot volume for the instance is created in the same compartment. That boot volume is associated with that instance until you terminate the instance. By default, the Oracle service manages the keys that encrypt this boot volume. Boot volumes can also be encrypted with a customer-managed key (CMK), which adds a further level of security. Management of encryption keys is critical to protecting and accessing protected data.

It was detected that the boot volume {OciBootVolume.Name} is not encrypted with a customer-managed key (CMK).
  • Recommended Mitigation

    It is recommended to encrypt boot volumes with a customer-managed key (CMK) in order to provide an additional level of security for your data.
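
An added example (not this rule's own detection logic) of checking an inventory for the condition described above. It assumes the JSON shape printed by `oci bv boot-volume list`, where a boot volume using Oracle-managed keys has an empty `kms-key-id`; the OCIDs and names in the sample are constructed placeholders.

```python
import json

# Constructed sample shaped like `oci bv boot-volume list` JSON output
# (assumed shape; OCIDs and names are placeholders, not real resources).
SAMPLE = json.dumps({"data": [
    {"id": "ocid1.bootvolume.oc1..exampleA", "display-name": "web-01 (Boot Volume)",
     "lifecycle-state": "AVAILABLE", "kms-key-id": None},
    {"id": "ocid1.bootvolume.oc1..exampleB", "display-name": "db-01 (Boot Volume)",
     "lifecycle-state": "AVAILABLE", "kms-key-id": "ocid1.key.oc1..exampleKey"},
    {"id": "ocid1.bootvolume.oc1..exampleC", "display-name": "old-01 (Boot Volume)",
     "lifecycle-state": "TERMINATED", "kms-key-id": None},
    {"id": "ocid1.bootvolume.oc1..exampleD", "display-name": "app-01 (Boot Volume)",
     "lifecycle-state": "AVAILABLE", "kms-key-id": ""},
]})

# Volumes in these states no longer hold data that can be re-keyed.
SKIP_STATES = {"TERMINATING", "TERMINATED"}


def find_volumes_without_cmk(list_output: str) -> list[dict]:
    """Return live boot volumes that have no customer-managed key assigned."""
    findings = []
    for vol in json.loads(list_output).get("data", []):
        if vol.get("lifecycle-state") in SKIP_STATES:
            continue
        # A missing, null, or blank key OCID all mean Oracle-managed encryption.
        key = (vol.get("kms-key-id") or "").strip()
        if not key:
            findings.append({"id": vol["id"], "name": vol.get("display-name", "")})
    return findings


if __name__ == "__main__":
    for finding in find_volumes_without_cmk(SAMPLE):
        print(f"Boot volume {finding['name']} ({finding['id']}) "
              "is not encrypted with a customer-managed key (CMK)")
```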