diff --git a/assets/queries/terraform/alicloud/disk_encryption_disabled/metadata.json b/assets/queries/terraform/alicloud/disk_encryption_disabled/metadata.json
new file mode 100644
index 00000000000..50f07497938
--- /dev/null
+++ b/assets/queries/terraform/alicloud/disk_encryption_disabled/metadata.json
@@ -0,0 +1,11 @@
+{
+ "id": "39750e32-3fe9-453b-8c33-dd277acdb2cc",
+ "queryName": "Disk Encryption Disabled",
+ "severity": "HIGH",
+ "category": "Encryption",
+ "descriptionText": "Disks should have encryption enabled",
+ "descriptionUrl": "https://registry.terraform.io/providers/aliyun/alicloud/latest/docs/resources/disk#encrypted",
+ "platform": "Terraform",
+ "descriptionID": "68bbdfee",
+ "cloudProvider": "alicloud"
+}
diff --git a/assets/queries/terraform/alicloud/disk_encryption_disabled/query.rego b/assets/queries/terraform/alicloud/disk_encryption_disabled/query.rego
new file mode 100644
index 00000000000..6b5e778899c
--- /dev/null
+++ b/assets/queries/terraform/alicloud/disk_encryption_disabled/query.rego
@@ -0,0 +1,39 @@
+package Cx
+
+import data.generic.common as common_lib
+import data.generic.terraform as terra_lib
+
+CxPolicy[result] {
+
+ resource := input.document[i].resource.alicloud_disk[name]
+ resource.encrypted == false
+
+
+
+ result := {
+ "documentId": input.document[i].id,
+ "searchKey": sprintf("alicloud_disk[%s].encrypted", [name]),
+ "issueType": "IncorrectValue",
+ "keyExpectedValue": sprintf("[%s] has encryption set to true", [name]),
+ "keyActualValue": sprintf("[%s] has encryption set to false", [name]),
+ "searchline":common_lib.build_search_line(["resource", "alicloud_disk", name, "encrypted"], []),
+ }
+}
+
+CxPolicy[result] {
+
+ resource := input.document[i].resource.alicloud_disk[name]
+ not common_lib.valid_key(resource, "encrypted")
+ not common_lib.valid_key(resource, "snapshot_id")
+
+
+ result := {
+ "documentId": input.document[i].id,
+ "searchKey": sprintf("alicloud_disk[%s]",[name]),
+ "issueType": "MissingAttribute",
+ "keyExpectedValue": sprintf("[%s] has encryption enabled",[name]),
+ "keyActualValue": sprintf("[%s] does not have encryption enabled",[name]),
+ "searchline":common_lib.build_search_line(["resource", "alicloud_disk", name], []),
+ }
+}
+
diff --git a/assets/queries/terraform/alicloud/disk_encryption_disabled/test/negative1.tf b/assets/queries/terraform/alicloud/disk_encryption_disabled/test/negative1.tf
new file mode 100644
index 00000000000..64f5d8cfa3c
--- /dev/null
+++ b/assets/queries/terraform/alicloud/disk_encryption_disabled/test/negative1.tf
@@ -0,0 +1,13 @@
+resource "alicloud_disk" "disk_encryption3" {
+ # cn-beijing
+ availability_zone = "cn-beijing-b"
+ name = "New-disk"
+ description = "Hello ecs disk."
+ category = "cloud_efficiency"
+ size = "30"
+ encrypted = true
+ kms_key_id = "2a6767f0-a16c-4679-a60f-13bf*****"
+ tags = {
+ Name = "TerraformTest"
+ }
+}
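Review bot: `import data.generic.terraform as terra_lib` is never referenced by either rule in query.rego, so it should be dropped rather than left for a reader to hunt for a use of. The second rule silently exempts any `alicloud_disk` that sets `snapshot_id` without saying why; a one-line comment such as `# a disk created from a snapshot inherits the snapshot's encryption state, so a missing "encrypted" is not conclusive here` would make the exemption reviewable (presumably that is the intent, worth confirming). Both rules also spell the result key `"searchline"`, whereas, as far as I recall, the other queries in this repository use `"searchLine"`; a misspelled key would be ignored rather than rejected, so the line information would be silently lost. The runs of blank lines inside the rule bodies (three after `resource.encrypted == false`, two after the `snapshot_id` check) are a style nit.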
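Review bot: The `snapshot_id` exemption in the second rule of query.rego has no fixture: negative1.tf only covers `encrypted = true`, so a regression that dropped the `not common_lib.valid_key(resource, "snapshot_id")` line would not fail this query's tests. A second negative fixture with a `snapshot_id` attribute and no `encrypted` attribute would pin that branch; the snapshot id below is a constructed placeholder.
```hcl
resource "alicloud_disk" "disk_encryption4" {
  availability_zone = "cn-beijing-b"
  name              = "New-disk"
  snapshot_id       = "s-PLACEHOLDER" # constructed placeholder, not a real id
  tags = {
    Name = "TerraformTest"
  }
}
```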
diff --git a/assets/queries/terraform/alicloud/disk_encryption_disabled/test/positive1.tf b/assets/queries/terraform/alicloud/disk_encryption_disabled/test/positive1.tf
new file mode 100644
index 00000000000..ecd5dd169df
--- /dev/null
+++ b/assets/queries/terraform/alicloud/disk_encryption_disabled/test/positive1.tf
@@ -0,0 +1,12 @@
+resource "alicloud_disk" "disk_encryption1" {
+ # cn-beijing
+ availability_zone = "cn-beijing-b"
+ name = "New-disk"
+ description = "Hello ecs disk."
+ category = "cloud_efficiency"
+ size = "30"
+ tags = {
+ Name = "TerraformTest"
+ }
+}
+
diff --git a/assets/queries/terraform/alicloud/disk_encryption_disabled/test/positive2.tf b/assets/queries/terraform/alicloud/disk_encryption_disabled/test/positive2.tf
new file mode 100644
index 00000000000..096419e08ce
--- /dev/null
+++ b/assets/queries/terraform/alicloud/disk_encryption_disabled/test/positive2.tf
@@ -0,0 +1,13 @@
+resource "alicloud_disk" "disk_encryption2" {
+ # cn-beijing
+ availability_zone = "cn-beijing-b"
+ name = "New-disk"
+ description = "Hello ecs disk."
+ category = "cloud_efficiency"
+ size = "30"
+ encrypted = false
+ kms_key_id = "2a6767f0-a16c-4679-a60f-13bf*****"
+ tags = {
+ Name = "TerraformTest"
+ }
+}
diff --git a/assets/queries/terraform/alicloud/disk_encryption_disabled/test/positive_expected_result.json b/assets/queries/terraform/alicloud/disk_encryption_disabled/test/positive_expected_result.json
new file mode 100644
index 00000000000..28916e232d3
--- /dev/null
+++ b/assets/queries/terraform/alicloud/disk_encryption_disabled/test/positive_expected_result.json
@@ -0,0 +1,14 @@
+[
+ {
+ "queryName": "Disk Encryption Disabled",
+ "severity": "HIGH",
+ "line": 8,
+ "fileName": "positive2.tf"
+ },
+ {
+ "queryName": "Disk Encryption Disabled",
+ "severity": "HIGH",
+ "line": 1,
+ "fileName": "positive1.tf"
+ }
+]