v1.0 for Steampipe, Powerpipe, Flowpipe, 116 plugins, and 44 mods →
Powerpipe Hub 
Hub
Mods
turbot/azure_compliance
Overview
13Dashboards
1311Controls
430Queries
2Variables
GitHub

Control: Azure Data Box jobs should use a customer-managed key to encrypt the device unlock password

Description

Use a customer-managed key to control the encryption of the device unlock password for Azure Data Box. Customer-managed keys also help manage access to the device unlock password by the Data Box service in order to prepare the device and copy data in an automated manner. The data on the device itself is already encrypted at rest with Advanced Encryption Standard 256-bit encryption, and the device unlock password is encrypted by default with a Microsoft managed key.

Usage

Run the control in your terminal:

powerpipe control run azure_compliance.control.databox_job_unlock_password_encrypted_with_cmk

Snapshot and share results via Turbot Pipes:

powerpipe login
powerpipe control run azure_compliance.control.databox_job_unlock_password_encrypted_with_cmk --share

SQL

This control uses a named query:

manual_control

Tags

nist_sp_800_53_rev_5 = true
service = Azure/DataBox