Benchmark: 2.2.1 Cloud Block Storage Encryption
Description
Objects stored in IBM Cloud Block Storage need to be encrypted at all times for client data security. By default all objects stored in IBM Cloud Block Storage are encrypted at-rest by ensuring user selects an encryption key from various available options.
Usage
Install the mod:
mkdir dashboardscd dashboardspowerpipe mod initpowerpipe mod install github.com/turbot/steampipe-mod-ibm-compliance
Start the Powerpipe server:
steampipe service startpowerpipe server
Open http://localhost:9033 in your browser and select 2.2.1 Cloud Block Storage Encryption.
Run this benchmark in your terminal:
powerpipe benchmark run ibm_compliance.benchmark.cis_v100_2_2_1
Snapshot and share results via Turbot Pipes:
powerpipe benchmark run ibm_compliance.benchmark.cis_v100_2_2_1 --share
Controls
- 2.2.1.1 Ensure Block Storage is encrypted with customer managed keys
- 2.2.1.2 Ensure Block Storage is encrypted with BYOK
- 2.2.1.3 Ensure Block Storage is encrypted with KYOK