ExposuresProvider / icees-api


ICEES 'encryption at rest' regulatory requirement #234

Closed karafecho closed 2 years ago

karafecho commented 2 years ago

This issue is to report a requirement to establish encryption at rest for all servers that hold ICEES data, including data that have been deidentified per HIPAA Safe Harbor. The requirement was set forth by the CDWH Oversight Committee in May 2018.

Relevant exchanges (other documentation can be provided by Kara):

From: Pfaff, Emily

Yep, SSL is fine.

From: Steven Cox [mailto:scox@renci.org]
Sent: Tuesday, May 01, 2018 2:08 PM
To: Pfaff, Emily [mailto:epfaff@email.unc.edu]; Karamarie Fecho [mailto:kfecho@copperlineprofessionalsolutions.com]
Cc: Chris Bizon [mailto:bizon@renci.org]
Subject: Re: update re DDCR Service (formerly known as EBCR Service or 3D Regrouping Service)

Hi folks - I'm just catching up on this thread.

We're encrypting a disk partition to comply with the encryption at rest requirement.

Emily, below you use the phrase "both at rest and in transit". I don't remember seeing that concept as a requirement from the committee. That said, we do plan to serve the data over SSL so it will be encrypted in transit over the internet.

So is there a specific additional encryption in transit requirement from the committee? And will SSL satisfy it?

Thanks,
Steve

From Mac, 03.29.2022:

although unfortunately you may have to hold off on that for a little while. If you saw that message in #kubernetes-users, the NetApp code that applies settings (such as encryption and snapshotting) is bugged. In fact there's like a 50% chance your volume was created with encryption enabled already! NetApp support is on the case still

hyi commented 2 years ago

Have recreated an encrypted iceesdata PVC and transferred the data over into the encrypted PVC and redeployed all ICEES instances. As such, iceesdata in Sterling that serves ICEES API is now encrypted at rest. Closing this issue.