2.2.5 Transparent Database Encryption (TDE)

It is required to encrypt sensitive application data on storage media completely transparent to the application itself. TDE encrypts data automatically when written to storage including backups, data dumps exports, and logs. Encrypted data is correspondingly decrypted when read from storage. Access controls that are enforced at the database and application layers remain in effect.