Control: 5.2 Ensure IBM Cloudant encryption is enabled with customer managed keys
Description
IBM Cloudant encrypts all client data at rest by default. For customers using a Dedicated Hardware plan instance, the service's integration with IBM Key Protect can optionally be used to bring their own encryption key at provision time for the instance.
Remediation
The process to remediate a configuration where customer-managed encryption is not in use is as follows:
- Provision a new Cloudant Dedicated Hardware plan instance using a customer-managed key as shown in details above.
- Create new Cloudant instance(s) on the Dedicated Hardware plan instance that is using a customer-managed key as needed.
- Replicate data over from the Cloudant instances not using a customer-managed key to the instances on the Dedicated Hardware environment using the customer-managed key. This process requires use of the Cloudant replication feature as shown in the Cloudant documentation.
- Delete any Cloudant instances on environments that do not use customer-managed keys once the replication is complete.
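As an added example (not code from the control page or the compliance mod), one way to script the replication step and the pre-deletion check above. It assumes both instances use IAM authentication, that the Cloudant replication document accepts IAM credentials in its `auth.iam.api_key` form, and that the caller supplies the instance URLs and API keys via the environment variables named in the script.

```shell
#!/bin/sh
# Added example: replicate databases from a Cloudant instance without a
# customer-managed key to one provisioned with IBM Key Protect, using the
# CouchDB-compatible _replicator database on the target instance.
# Assumed inputs (not from the control page): SOURCE_URL, TARGET_URL,
# SOURCE_API_KEY, TARGET_API_KEY; database names are passed as arguments.
set -eu

# Deterministic document id so re-running the script does not queue a
# duplicate replication job for the same database.
replication_doc_id() {
  printf 'cmk-migration-%s' "$1"
}

# Build the _replicator document. create_target creates the database on the
# Key Protect backed instance; the job is one-shot, so rerun it (or switch
# to continuous) if writers are still active on the source.
build_replication_doc() {
  # $1 source URL, $2 target URL, $3 database, $4 source key, $5 target key
  printf '{"_id":"%s","source":{"url":"%s/%s","auth":{"iam":{"api_key":"%s"}}},"target":{"url":"%s/%s","auth":{"iam":{"api_key":"%s"}}},"create_target":true,"continuous":false}' \
    "$(replication_doc_id "$3")" "$1" "$3" "$4" "$2" "$3" "$5"
}

# A source database may only be deleted once the scheduler reports the job
# as completed. Input is the body of GET /_scheduler/docs/_replicator/<id>.
replication_completed() {
  case "$1" in
    *'"state":"completed"'*) return 0 ;;
    *) return 1 ;;
  esac
}

# Exchange an IAM API key for a bearer token (crude sed extraction; use jq
# in production).
iam_token() {
  curl -sS -X POST https://iam.cloud.ibm.com/identity/token \
    -H 'Content-Type: application/x-www-form-urlencoded' \
    -d "grant_type=urn:ibm:params:oauth:grant-type:apikey&apikey=$1" \
    | sed -n 's/.*"access_token":"\([^"]*\)".*/\1/p'
}

# Submit the replication for one database to the target's _replicator db.
start_replication() {
  tok=$(iam_token "$TARGET_API_KEY")
  build_replication_doc "$SOURCE_URL" "$TARGET_URL" "$1" "$SOURCE_API_KEY" "$TARGET_API_KEY" \
    | curl -sS -X POST "$TARGET_URL/_replicator" -H "Authorization: Bearer $tok" \
        -H 'Content-Type: application/json' --data-binary @-
}

# Driver: only runs when the instance variables are set.
if [ -n "${SOURCE_URL:-}" ] && [ -n "${TARGET_URL:-}" ]; then
  for db in "$@"; do start_replication "$db"; echo; done
fi
```

After each job reports `completed`, verify document counts on the target before deleting the source instance, since a one-shot replication only covers writes that happened before it started.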
Usage
Run the control in your terminal:
powerpipe control run ibm_compliance.control.cis_v100_5_2
Snapshot and share results via Turbot Pipes:
powerpipe login
powerpipe control run ibm_compliance.control.cis_v100_5_2 --share
SQL
This control uses a named query:
manual_control