Detections
Analytics

800-53|SC-28(1)

Title

CRYPTOGRAPHIC PROTECTION

Description

The information system implements cryptographic mechanisms to prevent unauthorized disclosure and modification of [Assignment: organization-defined information] on [Assignment: organization-defined information system components].

Supplemental

Selection of cryptographic mechanisms is based on the need to protect the confidentiality and integrity of organizational information. The strength of mechanism is commensurate with the security category and/or classification of the information. This control enhancement applies to significant concentrations of digital media in organizational areas designated for media storage and also to limited quantities of media generally associated with information system components in operational environments (e.g., portable storage devices, mobile devices). Organizations have the flexibility to either encrypt all information on storage devices (i.e., full disk encryption) or encrypt specific data structures (e.g., files, records, or fields). Organizations employing cryptographic mechanisms to protect information at rest also consider cryptographic key management solutions.

Reference Item Details

Related: AC-19,SC-12

Category: SYSTEM AND COMMUNICATIONS PROTECTION

Parent Title: PROTECTION OF INFORMATION AT REST

Family: SYSTEM AND COMMUNICATIONS PROTECTION

Audit Items

View all Reference Audit Items

NamePluginAudit Name
1.1 AZLX-23-000100UnixCIS Amazon Linux 2023 STIG v1.0.0 CAT I
1.1.2 Securing Password EntryArubaOSCIS HPE Aruba Networking CX Switch v1.0.1 Optional Security Recommendations
1.1.2 Securing Password EntryArubaOSCIS HPE Aruba Networking CX Switch v1.0.1 L1
1.1.3 Ensure 'Master Key Passphrase' is setCiscoCIS Cisco ASA 9.x Firewall L1 v1.1.0
1.1.6 (L1) Ensure 'Store passwords using reversible encryption' is set to 'Disabled'WindowsCIS Azure Compute Microsoft Windows Server 2019 v1.0.0 L1 DC
1.1.6 (L1) Ensure 'Store passwords using reversible encryption' is set to 'Disabled'WindowsCIS Azure Compute Microsoft Windows Server 2019 v1.0.0 L1 MS
1.1.6 (L1) Ensure 'Store passwords using reversible encryption' is set to 'Disabled'WindowsCIS Azure Compute Microsoft Windows Server 2022 v1.0.0 L1 DC
1.1.6 (L1) Ensure 'Store passwords using reversible encryption' is set to 'Disabled'WindowsCIS Microsoft Windows Server 2008 Member Server Level 1 v3.3.1
1.1.6 (L1) Ensure 'Store passwords using reversible encryption' is set to 'Disabled'WindowsCIS Azure Compute Microsoft Windows Server 2022 v1.0.0 L1 MS
1.1.6 (L1) Ensure 'Store passwords using reversible encryption' is set to 'Disabled'WindowsCIS Microsoft Windows Server 2008 Domain Controller Level 1 v3.3.1
1.1.6 (L1) Ensure 'Store passwords using reversible encryption' is set to 'Disabled'WindowsCIS Microsoft Windows Server 2016 v4.0.0 L1 MS
1.1.6 (L1) Ensure 'Store passwords using reversible encryption' is set to 'Disabled'WindowsCIS Microsoft Windows Server 2019 Stand-alone v3.0.0 L1 MS
1.1.6 (L1) Ensure 'Store passwords using reversible encryption' is set to 'Disabled'WindowsCIS Windows Server 2012 DC L1 v3.0.0
1.1.6 (L1) Ensure 'Store passwords using reversible encryption' is set to 'Disabled'WindowsCIS Windows Server 2012 R2 MS L1 v3.0.0
1.1.6 (L1) Ensure 'Store passwords using reversible encryption' is set to 'Disabled'WindowsCIS Microsoft Windows Server 2016 v4.0.0 L1 DC
1.1.6 (L1) Ensure 'Store passwords using reversible encryption' is set to 'Disabled'WindowsCIS Microsoft Windows Server 2019 v4.0.0 L1 MS
1.1.6 (L1) Ensure 'Store passwords using reversible encryption' is set to 'Disabled'WindowsCIS Windows Server 2012 R2 DC L1 v3.0.0
1.1.6 (L1) Ensure 'Store passwords using reversible encryption' is set to 'Disabled'WindowsCIS Windows Server 2012 MS L1 v3.0.0
1.1.6 (L1) Ensure 'Store passwords using reversible encryption' is set to 'Disabled'WindowsCIS Microsoft Windows Server 2008 R2 Domain Controller Level 1 v3.3.1
1.1.6 (L1) Ensure 'Store passwords using reversible encryption' is set to 'Disabled'WindowsCIS Microsoft Windows Server 2008 R2 Member Server Level 1 v3.3.1
1.1.6 (L1) Ensure 'Store passwords using reversible encryption' is set to 'Disabled'WindowsCIS Microsoft Windows Server 2019 v4.0.0 L1 DC
1.1.7 (L1) Ensure 'Store passwords using reversible encryption' is set to 'Disabled'WindowsCIS Microsoft Windows Server 2025 Stand-alone v1.0.0 L1 MS
1.1.7 (L1) Ensure 'Store passwords using reversible encryption' is set to 'Disabled'WindowsCIS Microsoft Windows 10 EMS Gateway v3.0.0 L1
1.1.7 (L1) Ensure 'Store passwords using reversible encryption' is set to 'Disabled'WindowsCIS Microsoft Windows 10 Enterprise v4.0.0 L1
1.1.7 (L1) Ensure 'Store passwords using reversible encryption' is set to 'Disabled'WindowsCIS Microsoft Windows 10 Enterprise v4.0.0 L1 NG
1.1.7 (L1) Ensure 'Store passwords using reversible encryption' is set to 'Disabled'WindowsCIS Microsoft Windows 10 Stand-alone v4.0.0 L1 BL
1.1.7 (L1) Ensure 'Store passwords using reversible encryption' is set to 'Disabled'WindowsCIS Microsoft Windows 10 Enterprise v4.0.0 L1 BL
1.1.7 (L1) Ensure 'Store passwords using reversible encryption' is set to 'Disabled'WindowsCIS Microsoft Windows 10 Stand-alone v4.0.0 L1 BL NG
1.1.7 (L1) Ensure 'Store passwords using reversible encryption' is set to 'Disabled'WindowsCIS Microsoft Windows 10 Stand-alone v4.0.0 L1 NG
1.1.7 (L1) Ensure 'Store passwords using reversible encryption' is set to 'Disabled'WindowsCIS Microsoft Windows 10 Enterprise v4.0.0 L1 BL NG
1.1.7 (L1) Ensure 'Store passwords using reversible encryption' is set to 'Disabled'WindowsCIS Microsoft Windows 10 Stand-alone v4.0.0 L1
1.1.7 Ensure 'Store passwords using reversible encryption' is set to 'Disabled'WindowsCIS Microsoft Windows 11 Stand-alone v5.0.0 L1 BL
1.1.7 Ensure 'Store passwords using reversible encryption' is set to 'Disabled'WindowsCIS Microsoft Windows 11 Enterprise v5.0.1 L1
1.1.7 Ensure 'Store passwords using reversible encryption' is set to 'Disabled'WindowsCIS Microsoft Windows 11 Stand-alone v5.0.0 L1
1.1.7 Ensure 'Store passwords using reversible encryption' is set to 'Disabled'WindowsCIS Microsoft Windows Server 2025 v2.0.0 L1 DC
1.1.7 Ensure 'Store passwords using reversible encryption' is set to 'Disabled'WindowsCIS Microsoft Windows Server 2022 Stand-alone v2.0.0 L1 MS
1.1.7 Ensure 'Store passwords using reversible encryption' is set to 'Disabled'WindowsCIS Microsoft Windows Server 2022 v5.0.0 L1 MS
1.1.7 Ensure 'Store passwords using reversible encryption' is set to 'Disabled'WindowsCIS Microsoft Windows 11 Enterprise v5.0.1 L1 BL
1.1.7 Ensure 'Store passwords using reversible encryption' is set to 'Disabled'WindowsCIS Microsoft Windows Server 2025 v2.0.0 L1 MS
1.1.7 Ensure 'Store passwords using reversible encryption' is set to 'Disabled'WindowsCIS Microsoft Windows Server 2022 v5.0.0 L1 DC
1.11 Ensure KMS Encryption Keys Are Rotated Within a Period of 90 DaysGCPCIS Google Cloud Platform Foundation v5.0.0 L1
1.14 DTOO321WindowsCIS Microsoft Office System 2016 STIG v1.0.0 CAT II
1.15 IBMW-LS-000440UnixCIS IBM WebSphere Liberty Server STIG v1.0.0 CAT I
1.104 UBTU-24-600090UnixCIS Ubuntu Linux 24.04 LTS STIG v1.0.0 CAT II
1.105 RHEL-09-231190UnixCIS Red Hat Enterprise Linux 9 STIG v1.0.0 CAT I
1.140 APPL-14-005020UnixCIS Apple macOS 14 Sonoma STIG v1.0.0 CAT I
1.149 SOL-11.1-060150UnixCIS Solaris 11 X86 STIG v1.0.0 CAT III
1.151 SOL-11.1-060150UnixCIS Solaris 11 SPARC STIG v1.0.0 CAT III
1.151 SOL-11.1-060170UnixCIS Solaris 11 X86 STIG v1.0.0 CAT III
1.153 SOL-11.1-060170UnixCIS Solaris 11 SPARC STIG v1.0.0 CAT III