{"id":"azure-encryption-at-rest-tiered-by-service","text":"Azure encryption at rest operates at service-specific FIPS compliance levels: Key Vault provides tiered FIPS protection (software L1 → asymmetric HSM L2 → single-tenant Managed HSM L3), Storage uses automatic encryption with optional customer-managed keys, and NetApp Files meets FIPS 140-2 at rest — each service addresses a different certification requirement in the same encryption-at-rest framework.","truth_value":"IN","source":"","source_url":"","source_hash":"","justifications":[],"dependents":[],"metadata":{},"explanation":{"steps":[{"node":"azure-encryption-at-rest-tiered-by-service","truth_value":"IN","reason":"premise"}]}}