Skip to content
This repository has been archived by the owner on Jun 25, 2024. It is now read-only.

changes to questions #590

Merged
merged 1 commit into from
Apr 25, 2023
Merged

changes to questions #590

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
42 changes: 42 additions & 0 deletions jupiterone/questions/questions.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1219,6 +1219,48 @@ questions:
- standard: CIS Google Cloud Foundations 1.1
requirements:
- '7.1'
#7.2
- id: integration-question-google-bigquery-encrypt-tables-with-CMEK
title: Ensure That All BigQuery Tables Are Encrypted With Customer-Managed Encryption Key (CMEK)
description:
BigQuery by default encrypts the data as rest by employing `Envelope Encryption` using Google managed cryptographic keys. The data is encrypted using the `data encryption keys` and data encryption keys themselves are further encrypted using `key encryption keys`. This is seamless and do not require any additional input from the user. However, if you want to have greater control, Customer-managed encryption keys (CMEK) can be used as encryption key management solution for BigQuery Data Sets. If CMEK is used, the CMEK is used to encrypt the data encryption keys instead of using google-managed encryption keys.
queries:
- name: good
query: FIND google_bigquery_dataset WITH encrypted = true AND kmsKeyName ~= "cmek"
- name: bad
query: FIND google_bigquery_dataset WITH encrypted != true AND kmsKeyName ~= "cmek"
tags:
- google-cloud
- bigquery
- CMEK
compliance:
- standard: CIS Google Cloud Platform Foundation Benchmark 1.3
requirements:
- '7.2'
- standard: CIS Google Cloud Platform Foundation Benchmark 2.0.0
requirements:
- '7.2'
#7.3
- id: integration-question-google-bigquery-default-CMEK
title: Ensure That a Default Customer-Managed Encryption Key (CMEK) Is Specified for All BigQuery Data Sets
description:
BigQuery by default encrypts the data as rest by employing `Envelope Encryption` using Google managed cryptographic keys. The data is encrypted using the `data encryption keys` and data encryption keys themselves are further encrypted using `key encryption keys`. This is seamless and do not require any additional input from the user. However, if you want to have greater control, Customer-managed encryption keys (CMEK) can be used as encryption key management solution for BigQuery Data Sets.
queries:
- name: good
query: Find google_bigquery_dataset WITH kmsKeyName ~= "cmek"
- name: bad
query: Find google_bigquery_dataset WITH kmsKeyName !~= "cmek"
tags:
- google-cloud
- bigquery
- CMEK
compliance:
- standard: CIS Google Cloud Platform Foundation Benchmark 1.3
requirements:
- '7.3'
- standard: CIS Google Cloud Platform Foundation Benchmark 2.0.0
requirements:
- '7.3'
################################################################################
# End Section 7: Big Query
################################################################################
Expand Down