As a TRE Administrator
I want to deploy TRE in a manner compliant with common regulatory frameworks, like NIST SP 800-171 R2 and Microsoft's built-in compliance initiatives for those frameworks
So that research takes place in a compliant environment
Acceptance criteria
[ ] New TRE deployments' storage accounts use infrastructure encryption
[ ] Existing TRE deployments are not modified
Notes
Existing storage accounts cannot be updated to support infrastructure encryption. A feature flag at the core TRE level might be required so that existing storage accounts aren't attempted to be upgraded. Perhaps this could also be accomplished with Terraform ignore statements, but I don't know those very well.
Description
As a TRE Administrator I want to deploy TRE in a manner compliant with common regulatory frameworks, like NIST SP 800-171 R2 and Microsoft's built-in compliance initiatives for those frameworks So that research takes place in a compliant environment
Acceptance criteria
Notes
Existing storage accounts cannot be updated to support infrastructure encryption. A feature flag at the core TRE level might be required so that existing storage accounts aren't attempted to be upgraded. Perhaps this could also be accomplished with Terraform ignore statements, but I don't know those very well.