OCI-014 Oracle Cloud Infrastructure (OCI)

Buckets use customer-managed encryption keys where required.

Buckets use customer-managed encryption keys where required.

Domain
Oracle Cloud Infrastructure (OCI)
Area
Object Storage
Automated / manual
Automated

Risk if it fails

Oracle-managed-only keys reduce key control.

Customer-managed keys let you instantly revoke access by disabling the key. Without that control you cannot quickly cut off a compromised system's access to data.

How Tess tests it

1 test — each concludes only on cited evidence.

Buckets use customer-managed encryption keys where required.

Automated
Procedure
Confirm kms-key-id is set on sensitive buckets.

Read-only command 

oci os bucket get --bucket-name <bucket> --query 'data.{name:name,kms:"kms-key-id"}'

More in Oracle Cloud Infrastructure (OCI)

OCI-001 MFA is enforced for all IAM users, especially administrators. OCI-002 Customer secret keys / API keys are rotated regularly (<=90 days). OCI-003 A strong password policy is configured. OCI-004 Membership of the Administrators group is minimal.

Want Tess to test OCI-014 against your evidence?

Book a demo