800-53|SC-28

Title

PROTECTION OF INFORMATION AT REST

Description

The information system protects the [Selection (one or more): confidentiality; integrity] of [Assignment: organization-defined information at rest].

Supplemental

This control addresses the confidentiality and integrity of information at rest and covers user information and system information. Information at rest refers to the state of information when it is located on storage devices as specific components of information systems. System-related information requiring protection includes, for example, configurations or rule sets for firewalls, gateways, intrusion detection/prevention systems, filtering routers, and authenticator content. Organizations may employ different mechanisms to achieve confidentiality and integrity protections, including the use of cryptographic mechanisms and file share scanning. Integrity protection can be achieved, for example, by implementing Write-Once-Read-Many (WORM) technologies. Organizations may also employ other security controls including, for example, secure off-line storage in lieu of online storage when adequate protection of information at rest cannot otherwise be achieved and/or continuous monitoring to identify malicious code at rest.

Reference Item Details

Related: AC-3,AC-6,CA-7,CM-3,CM-5,CM-6,PE-3,SC-13,SC-8,SI-3,SI-7

Category: SYSTEM AND COMMUNICATIONS PROTECTION

Family: SYSTEM AND COMMUNICATIONS PROTECTION

Priority: P1

Baseline Impact: MODERATE,HIGH

Audit Items

Name | Plugin | Audit Name
1.1.6 Ensure 'Store passwords using reversible encryption' is set to 'Disabled' | Windows | CIS Microsoft Windows Server 2008 R2 Domain Controller Level 1 v3.3.1
1.1.6 Ensure 'Store passwords using reversible encryption' is set to 'Disabled' | Windows | CIS Microsoft Windows Server 2008 Domain Controller Level 1 v3.3.1
1.1.6 Ensure 'Store passwords using reversible encryption' is set to 'Disabled' | Windows | CIS Microsoft Windows Server 2008 Domain Controller Level 1 v3.3.0
1.1.6 Ensure 'Store passwords using reversible encryption' is set to 'Disabled' | Windows | CIS Microsoft Windows Server 2008 Member Server Level 1 v3.3.1
1.1.6 Ensure 'Store passwords using reversible encryption' is set to 'Disabled' | Windows | CIS Microsoft Windows Server 2019 STIG MS L1 v1.0.1
1.1.6 Ensure 'Store passwords using reversible encryption' is set to 'Disabled' | Windows | CIS Microsoft Windows Server 2019 STIG DC L1 v1.0.1
1.1.6 Ensure 'Store passwords using reversible encryption' is set to 'Disabled' | Windows | CIS Windows Server 2012 MS L1 v3.0.0
1.1.6 Ensure 'Store passwords using reversible encryption' is set to 'Disabled' | Windows | CIS Windows Server 2012 R2 DC L1 v3.0.0
1.1.6 Ensure 'Store passwords using reversible encryption' is set to 'Disabled' | Windows | CIS Windows Server 2012 R2 MS L1 v3.0.0
1.1.6 Ensure 'Store passwords using reversible encryption' is set to 'Disabled' | Windows | CIS Microsoft Windows Server 2019 STIG DC STIG v1.0.1
1.1.6 Ensure 'Store passwords using reversible encryption' is set to 'Disabled' | Windows | CIS Microsoft Windows Server 2019 STIG MS STIG v1.0.1
1.1.6 Ensure 'Store passwords using reversible encryption' is set to 'Disabled' | Windows | CIS Microsoft Windows Server 2008 Member Server Level 1 v3.3.0
1.1.6 Ensure 'Store passwords using reversible encryption' is set to 'Disabled' | Windows | CIS Windows Server 2012 DC L1 v3.0.0
1.1.6 Ensure 'Store passwords using reversible encryption' is set to 'Disabled' | Windows | CIS Microsoft Windows Server 2008 R2 Member Server Level 1 v3.3.1
1.1.6 Ensure 'Store passwords using reversible encryption' is set to 'Disabled' - Disabled | Windows | CIS Microsoft Windows Server 2019 DC L1 v2.0.0
1.1.6 Ensure 'Store passwords using reversible encryption' is set to 'Disabled' - Disabled | Windows | CIS Microsoft Windows Server 2016 MS L1 v2.0.0
1.1.6 Ensure 'Store passwords using reversible encryption' is set to 'Disabled' - Disabled | Windows | CIS Microsoft Windows Server 2019 MS Standalone L1 v1.0.0
1.1.6 Ensure 'Store passwords using reversible encryption' is set to 'Disabled' - Disabled | Windows | CIS Azure Compute Microsoft Windows Server 2022 v1.0.0 L1 MS
1.1.6 Ensure 'Store passwords using reversible encryption' is set to 'Disabled' - Disabled | Windows | CIS Microsoft Windows Server 2016 DC L1 v2.0.0
1.1.6 Ensure 'Store passwords using reversible encryption' is set to 'Disabled' - Disabled | Windows | CIS Azure Compute Microsoft Windows Server 2022 v1.0.0 L1 DC
1.1.6 Ensure 'Store passwords using reversible encryption' is set to 'Disabled' - Disabled | Windows | CIS Microsoft Windows Server 2019 MS L1 v2.0.0
1.1.6 Ensure 'Store passwords using reversible encryption' is set to 'Disabled' - Disabled | Windows | CIS Microsoft Windows Server 2019 Standalone DC L1 v1.0.0
1.1.7 Ensure 'Store passwords using reversible encryption' is set to 'Disabled' | Windows | CIS Microsoft Windows Server 2016 STIG DC STIG v1.1.0
1.1.7 Ensure 'Store passwords using reversible encryption' is set to 'Disabled' | Windows | CIS Microsoft Windows 10 Stand-alone v2.0.0 L1
1.1.7 Ensure 'Store passwords using reversible encryption' is set to 'Disabled' | Windows | CIS Microsoft Windows 10 Enterprise v2.0.0 L1
1.1.7 Ensure 'Store passwords using reversible encryption' is set to 'Disabled' | Windows | CIS Microsoft Windows 10 Enterprise v2.0.0 L1 + NG
1.1.7 Ensure 'Store passwords using reversible encryption' is set to 'Disabled' | Windows | CIS Microsoft Windows 11 Enterprise v2.0.0 L1
1.1.7 Ensure 'Store passwords using reversible encryption' is set to 'Disabled' | Windows | CIS Microsoft Windows 10 Stand-alone v2.0.0 L1 + BL + NG
1.1.7 Ensure 'Store passwords using reversible encryption' is set to 'Disabled' | Windows | CIS Microsoft Windows 11 Stand-alone v2.0.0 L1
1.1.7 Ensure 'Store passwords using reversible encryption' is set to 'Disabled' | Windows | CIS Microsoft Windows Server 2016 STIG MS STIG v1.1.0
1.1.7 Ensure 'Store passwords using reversible encryption' is set to 'Disabled' | Windows | CIS Microsoft Windows Server 2016 STIG MS L1 v1.1.0
1.1.7 Ensure 'Store passwords using reversible encryption' is set to 'Disabled' | Windows | CIS Microsoft Windows Server 2016 STIG DC L1 v1.1.0
1.1.7 Ensure 'Store passwords using reversible encryption' is set to 'Disabled' | Windows | CIS Microsoft Windows 10 Enterprise v2.0.0 L1 + BL + NG
1.1.7 Ensure 'Store passwords using reversible encryption' is set to 'Disabled' | Windows | CIS Microsoft Windows 10 Stand-alone v2.0.0 L1 + NG
1.1.7 Ensure 'Store passwords using reversible encryption' is set to 'Disabled' | Windows | CIS Microsoft Windows 10 Stand-alone v2.0.0 L1 + BL
1.1.7 Ensure 'Store passwords using reversible encryption' is set to 'Disabled' | Windows | CIS Microsoft Windows Server 2022 v2.0.0 L1 MS
1.1.7 Ensure 'Store passwords using reversible encryption' is set to 'Disabled' | Windows | CIS Microsoft Windows 10 EMS Gateway v2.0.0 L1
1.1.7 Ensure 'Store passwords using reversible encryption' is set to 'Disabled' | Windows | CIS Microsoft Windows 11 Stand-alone v2.0.0 L1 + BL
1.1.7 Ensure 'Store passwords using reversible encryption' is set to 'Disabled' | Windows | CIS Microsoft Windows 10 Enterprise v2.0.0 L1 + BL
1.1.7 Ensure 'Store passwords using reversible encryption' is set to 'Disabled' | Windows | CIS Microsoft Windows 11 Enterprise v2.0.0 L1 + BL
1.1.7 Ensure 'Store passwords using reversible encryption' is set to 'Disabled' | Windows | CIS Microsoft Windows Server 2022 v2.0.0 L1 DC
1.1.34 Ensure that the --encryption-provider-config argument is set as appropriate | Unix | CIS Kubernetes 1.13 Benchmark v1.4.1 L1
1.1.35 Ensure that the encryption provider is set to aescbc | Unix | CIS Kubernetes 1.13 Benchmark v1.4.1 L1
1.2.24 Ensure that the --etcd-certfile and --etcd-keyfile arguments are set as appropriate - certfile | Unix | CIS Kubernetes Benchmark v1.8.0 L1 Master
1.2.24 Ensure that the --etcd-certfile and --etcd-keyfile arguments are set as appropriate - keyfile | Unix | CIS Kubernetes Benchmark v1.8.0 L1 Master
1.2.25 Ensure that the --etcd-certfile and --etcd-keyfile arguments are set as appropriate - certfile | Unix | CIS Kubernetes v1.24 Benchmark v1.0.0 L1 Master
1.2.25 Ensure that the --etcd-certfile and --etcd-keyfile arguments are set as appropriate - certfile | Unix | CIS Kubernetes v1.23 Benchmark v1.0.1 L1 Master
1.10 Ensure KMS Encryption Keys Are Rotated Within a Period of 90 Days | GCP | CIS Google Cloud Platform v2.0.0 L1
1.17 Ensure that Dataproc Cluster is encrypted using Customer-Managed Encryption Key | GCP | CIS Google Cloud Platform v2.0.0 L2
1.18 Ensure Secrets are Not Stored in Cloud Functions Environment Variables by Using Secret Manager | GCP | CIS Google Cloud Platform v2.0.0 L1