800-53|SC-28(1)

Title

CRYPTOGRAPHIC PROTECTION

Description

The information system implements cryptographic mechanisms to prevent unauthorized disclosure and modification of [Assignment: organization-defined information] on [Assignment: organization-defined information system components].

Supplemental

Selection of cryptographic mechanisms is based on the need to protect the confidentiality and integrity of organizational information. The strength of mechanism is commensurate with the security category and/or classification of the information. This control enhancement applies to significant concentrations of digital media in organizational areas designated for media storage and also to limited quantities of media generally associated with information system components in operational environments (e.g., portable storage devices, mobile devices). Organizations have the flexibility to either encrypt all information on storage devices (i.e., full disk encryption) or encrypt specific data structures (e.g., files, records, or fields). Organizations employing cryptographic mechanisms to protect information at rest also consider cryptographic key management solutions.

Reference Item Details

Related: AC-19,SC-12

Category: SYSTEM AND COMMUNICATIONS PROTECTION

Parent Title: PROTECTION OF INFORMATION AT REST

Family: SYSTEM AND COMMUNICATIONS PROTECTION

Audit Items

View all Reference Audit Items

NamePluginAudit Name
1.1.6 Ensure 'Store passwords using reversible encryption' is set to 'Disabled'WindowsCIS Microsoft Windows Server 2008 Member Server Level 1 v3.3.1
1.1.6 Ensure 'Store passwords using reversible encryption' is set to 'Disabled'WindowsCIS Microsoft Windows Server 2008 Domain Controller Level 1 v3.3.0
1.1.6 Ensure 'Store passwords using reversible encryption' is set to 'Disabled'WindowsCIS Windows Server 2012 R2 DC L1 v2.6.0
1.1.6 Ensure 'Store passwords using reversible encryption' is set to 'Disabled'WindowsCIS Microsoft Windows Server 2008 Domain Controller Level 1 v3.3.1
1.1.6 Ensure 'Store passwords using reversible encryption' is set to 'Disabled'WindowsCIS Microsoft Windows Server 2019 STIG MS L1 v1.0.1
1.1.6 Ensure 'Store passwords using reversible encryption' is set to 'Disabled'WindowsCIS Microsoft Windows Server 2008 R2 Domain Controller Level 1 v3.3.1
1.1.6 Ensure 'Store passwords using reversible encryption' is set to 'Disabled'WindowsCIS Microsoft Windows Server 2019 STIG DC L1 v1.0.1
1.1.6 Ensure 'Store passwords using reversible encryption' is set to 'Disabled'WindowsCIS Microsoft Windows Server 2019 STIG DC STIG v1.0.1
1.1.6 Ensure 'Store passwords using reversible encryption' is set to 'Disabled'WindowsCIS Microsoft Windows Server 2019 STIG MS STIG v1.0.1
1.1.6 Ensure 'Store passwords using reversible encryption' is set to 'Disabled'WindowsCIS Windows Server 2012 MS L1 v2.4.0
1.1.6 Ensure 'Store passwords using reversible encryption' is set to 'Disabled'WindowsCIS Microsoft Windows Server 2008 Member Server Level 1 v3.3.0
1.1.6 Ensure 'Store passwords using reversible encryption' is set to 'Disabled'WindowsCIS Windows Server 2012 DC L1 v2.4.0
1.1.6 Ensure 'Store passwords using reversible encryption' is set to 'Disabled'WindowsCIS Windows Server 2012 R2 MS L1 v2.6.0
1.1.6 Ensure 'Store passwords using reversible encryption' is set to 'Disabled'WindowsCIS Microsoft Windows Server 2008 R2 Member Server Level 1 v3.3.1
1.1.6 Ensure 'Store passwords using reversible encryption' is set to 'Disabled' - DisabledWindowsCIS Microsoft Windows Server 2016 MS L1 v2.0.0
1.1.6 Ensure 'Store passwords using reversible encryption' is set to 'Disabled' - DisabledWindowsCIS Azure Compute Microsoft Windows Server 2022 v1.0.0 L1 MS
1.1.6 Ensure 'Store passwords using reversible encryption' is set to 'Disabled' - DisabledWindowsCIS Microsoft Windows Server 2016 DC L1 v2.0.0
1.1.6 Ensure 'Store passwords using reversible encryption' is set to 'Disabled' - DisabledWindowsCIS Microsoft Windows Server 2019 DC L1 v2.0.0
1.1.6 Ensure 'Store passwords using reversible encryption' is set to 'Disabled' - DisabledWindowsCIS Azure Compute Microsoft Windows Server 2022 v1.0.0 L1 DC
1.1.6 Ensure 'Store passwords using reversible encryption' is set to 'Disabled' - DisabledWindowsCIS Microsoft Windows Server 2019 MS L1 v2.0.0
1.1.7 Ensure 'Store passwords using reversible encryption' is set to 'Disabled'WindowsCIS Microsoft Windows Server 2016 STIG DC STIG v1.1.0
1.1.7 Ensure 'Store passwords using reversible encryption' is set to 'Disabled'WindowsCIS Microsoft Windows 11 Enterprise v2.0.0 L1
1.1.7 Ensure 'Store passwords using reversible encryption' is set to 'Disabled'WindowsCIS Microsoft Windows 10 Stand-alone v2.0.0 L1
1.1.7 Ensure 'Store passwords using reversible encryption' is set to 'Disabled'WindowsCIS Microsoft Windows 10 Stand-alone v2.0.0 L1 + BL + NG
1.1.7 Ensure 'Store passwords using reversible encryption' is set to 'Disabled'WindowsCIS Microsoft Windows 10 Enterprise v2.0.0 L1 + NG
1.1.7 Ensure 'Store passwords using reversible encryption' is set to 'Disabled'WindowsCIS Microsoft Windows 10 Enterprise v2.0.0 L1
1.1.7 Ensure 'Store passwords using reversible encryption' is set to 'Disabled'WindowsCIS Microsoft Windows 11 Stand-alone v2.0.0 L1
1.1.7 Ensure 'Store passwords using reversible encryption' is set to 'Disabled'WindowsCIS Microsoft Windows Server 2016 STIG MS STIG v1.1.0
1.1.7 Ensure 'Store passwords using reversible encryption' is set to 'Disabled'WindowsCIS Microsoft Windows Server 2016 STIG MS L1 v1.1.0
1.1.7 Ensure 'Store passwords using reversible encryption' is set to 'Disabled'WindowsCIS Microsoft Windows Server 2022 v2.0.0 L1 MS
1.1.7 Ensure 'Store passwords using reversible encryption' is set to 'Disabled'WindowsCIS Microsoft Windows 10 Enterprise v2.0.0 L1 + BL
1.1.7 Ensure 'Store passwords using reversible encryption' is set to 'Disabled'WindowsCIS Microsoft Windows 10 Stand-alone v2.0.0 L1 + BL
1.1.7 Ensure 'Store passwords using reversible encryption' is set to 'Disabled'WindowsCIS Microsoft Windows 10 Enterprise v2.0.0 L1 + BL + NG
1.1.7 Ensure 'Store passwords using reversible encryption' is set to 'Disabled'WindowsCIS Microsoft Windows 11 Enterprise v2.0.0 L1 + BL
1.1.7 Ensure 'Store passwords using reversible encryption' is set to 'Disabled'WindowsCIS Microsoft Windows Server 2016 STIG DC L1 v1.1.0
1.1.7 Ensure 'Store passwords using reversible encryption' is set to 'Disabled'WindowsCIS Microsoft Windows Server 2022 v2.0.0 L1 DC
1.1.7 Ensure 'Store passwords using reversible encryption' is set to 'Disabled'WindowsCIS Microsoft Windows 11 Stand-alone v2.0.0 L1 + BL
1.1.7 Ensure 'Store passwords using reversible encryption' is set to 'Disabled'WindowsCIS Microsoft Windows 10 Stand-alone v2.0.0 L1 + NG
1.1.7 Ensure 'Store passwords using reversible encryption' is set to 'Disabled'WindowsCIS Microsoft Windows 10 EMS Gateway v2.0.0 L1
1.2.24 Ensure that the --etcd-certfile and --etcd-keyfile arguments are set as appropriate - certfileUnixCIS Kubernetes Benchmark v1.8.0 L1 Master
1.2.24 Ensure that the --etcd-certfile and --etcd-keyfile arguments are set as appropriate - keyfileUnixCIS Kubernetes Benchmark v1.8.0 L1 Master
1.2.25 Ensure that the --etcd-certfile and --etcd-keyfile arguments are set as appropriate - certfileUnixCIS Kubernetes v1.24 Benchmark v1.0.0 L1 Master
1.2.25 Ensure that the --etcd-certfile and --etcd-keyfile arguments are set as appropriate - certfileUnixCIS Kubernetes v1.23 Benchmark v1.0.1 L1 Master
1.2.25 Ensure that the --etcd-certfile and --etcd-keyfile arguments are set as appropriate - keyfileUnixCIS Kubernetes v1.24 Benchmark v1.0.0 L1 Master
1.2.25 Ensure that the --etcd-certfile and --etcd-keyfile arguments are set as appropriate - keyfileUnixCIS Kubernetes v1.23 Benchmark v1.0.1 L1 Master
1.2.27 Ensure that the --etcd-cafile argument is set as appropriateUnixCIS Kubernetes Benchmark v1.8.0 L1 Master
1.2.27 Ensure that the --etcd-certfile and --etcd-keyfile arguments are set as appropriateOpenShiftCIS RedHat OpenShift Container Platform 4 v1.5.0 L1
1.10 Ensure KMS Encryption Keys Are Rotated Within a Period of 90 DaysGCPCIS Google Cloud Platform v2.0.0 L1
1.17 Ensure that Dataproc Cluster is encrypted using Customer-Managed Encryption KeyGCPCIS Google Cloud Platform v2.0.0 L2
1.18 Ensure Secrets are Not Stored in Cloud Functions Environment Variables by Using Secret ManagerGCPCIS Google Cloud Platform v2.0.0 L1