diff --git a/jupiterone/questions/questions.yaml b/jupiterone/questions/questions.yaml
index 799c95c5..8713b408 100644
--- a/jupiterone/questions/questions.yaml
+++ b/jupiterone/questions/questions.yaml
@@ -1219,6 +1219,48 @@ questions:
   - standard: CIS Google Cloud Foundations 1.1
     requirements:
       - '7.1'
+#7.2
+- id: integration-question-google-bigquery-encrypt-tables-with-CMEK
+  title: Ensure That All BigQuery Tables Are Encrypted With Customer-Managed Encryption Key (CMEK)
+  description:
+    BigQuery by default encrypts the data as rest by employing `Envelope Encryption` using Google managed cryptographic keys. The data is encrypted using the `data encryption keys` and data encryption keys themselves are further encrypted using `key encryption keys`. This is seamless and do not require any additional input from the user. However, if you want to have greater control, Customer-managed encryption keys (CMEK) can be used as encryption key management solution for BigQuery Data Sets. If CMEK is used, the CMEK is used to encrypt the data encryption keys instead of using google-managed encryption keys.
+  queries:
+  - name: good
+    query: FIND google_bigquery_dataset WITH encrypted = true AND kmsKeyName ~= "cmek"
+  - name: bad
+    query: FIND google_bigquery_dataset WITH encrypted != true AND kmsKeyName ~= "cmek"
+  tags:
+  - google-cloud
+  - bigquery
+  - CMEK
+  compliance:
+  - standard: CIS Google Cloud Platform Foundation Benchmark 1.3
+    requirements:
+      - '7.2'
+  - standard: CIS Google Cloud Platform Foundation Benchmark 2.0.0
+    requirements:
+      - '7.2'
+#7.3
+- id: integration-question-google-bigquery-default-CMEK
+  title: Ensure That a Default Customer-Managed Encryption Key (CMEK) Is Specified for All BigQuery Data Sets
+  description:
+    BigQuery by default encrypts the data as rest by employing `Envelope Encryption` using Google managed cryptographic keys. The data is encrypted using the `data encryption keys` and data encryption keys themselves are further encrypted using `key encryption keys`. This is seamless and do not require any additional input from the user. However, if you want to have greater control, Customer-managed encryption keys (CMEK) can be used as encryption key management solution for BigQuery Data Sets.
+  queries:
+  - name: good
+    query: Find google_bigquery_dataset WITH kmsKeyName ~= "cmek"
+  - name: bad
+    query: Find google_bigquery_dataset WITH kmsKeyName !~= "cmek"
+  tags:
+  - google-cloud
+  - bigquery
+  - CMEK
+  compliance:
+  - standard: CIS Google Cloud Platform Foundation Benchmark 1.3
+    requirements:
+      - '7.3'
+  - standard: CIS Google Cloud Platform Foundation Benchmark 2.0.0
+    requirements:
+      - '7.3'
 ################################################################################
 # End Section 7: Big Query
 ################################################################################