OCI-017 Oracle Cloud Infrastructure (OCI)

Block volumes are encrypted (default or CMK).

Block volumes are encrypted (default or CMK).

Domain
Oracle Cloud Infrastructure (OCI)
Area
Compute
Automated / manual
Automated

Risk if it fails

Unencrypted disks expose data when cloned.

If a volume is copied or stolen, encryption keeps it unreadable. Unencrypted volumes hand the attacker the full contents of the disk.

How Tess tests it

1 test — each concludes only on cited evidence.

Block volumes are encrypted (default or CMK).

Automated
Procedure
Confirm volumes encrypted; check kms-key-id where CMK required.

Read-only command 

oci bv volume list --compartment-id <compartment-ocid> --all --query 'data[].{name:"display-name",kms:"kms-key-id"}'

More in Oracle Cloud Infrastructure (OCI)

OCI-001 MFA is enforced for all IAM users, especially administrators. OCI-002 Customer secret keys / API keys are rotated regularly (<=90 days). OCI-003 A strong password policy is configured. OCI-004 Membership of the Administrators group is minimal.

Want Tess to test OCI-017 against your evidence?

Book a demo