SC-28 Protection of Information at Rest
Protect the [sc-28_odp.01] of the following information at rest: [sc-28_odp.02].

| Parameter ID | Definition |
|---|---|
| sc-28_odp.01 | Selection (one-or-more): |
| sc-28_odp.02 | information at rest |
Baselines
- L
- M
- H
- P
Guidance
Information at rest refers to the state of information when it is not in process or in transit and is located on system components. Such components include internal or external hard disk drives, storage area network devices, or databases. However, the focus of protecting information at rest is not on the type of storage device or frequency of access but rather on the state of the information. Information at rest addresses the confidentiality and integrity of information and covers user information and system information. System-related information that requires protection includes configurations or rule sets for firewalls, intrusion detection and prevention systems, filtering routers, and authentication information. Organizations may employ different mechanisms to achieve confidentiality and integrity protections, including the use of cryptographic mechanisms and file share scanning. Integrity protection can be achieved, for example, by implementing write-once-read-many (WORM) technologies. When adequate protection of information at rest cannot otherwise be achieved, organizations may employ other controls, including frequent scanning to identify malicious code at rest and secure offline storage in lieu of online storage.
References
- OMB A-130 Office of Management and Budget Memorandum Circular A-130, *Managing Information as a Strategic Resource*, July 2016.
- SP 800-56A Barker EB, Chen L, Roginsky A, Vassilev A, Davis R (2018) Recommendation for Pair-Wise Key-Establishment Schemes Using Discrete Logarithm Cryptography. (National Institute of Standards and Technology, Gaithersburg, MD), NIST Special Publication (SP) 800-56A, Rev. 3.
- SP 800-56B Barker EB, Chen L, Roginsky A, Vassilev A, Davis R, Simon S (2019) Recommendation for Pair-Wise Key-Establishment Using Integer Factorization Cryptography. (National Institute of Standards and Technology, Gaithersburg, MD), NIST Special Publication (SP) 800-56B, Rev. 2.
- SP 800-56C Barker EB, Chen L, Davis R (2020) Recommendation for Key-Derivation Methods in Key-Establishment Schemes. (National Institute of Standards and Technology, Gaithersburg, MD), NIST Special Publication (SP) 800-56C, Rev. 2.
- SP 800-57-1 Barker EB (2020) Recommendation for Key Management: Part 1 – General. (National Institute of Standards and Technology, Gaithersburg, MD), NIST Special Publication (SP) 800-57 Part 1, Rev. 5.
- SP 800-57-2 Barker EB, Barker WC (2019) Recommendation for Key Management: Part 2 – Best Practices for Key Management Organizations. (National Institute of Standards and Technology, Gaithersburg, MD), NIST Special Publication (SP) 800-57 Part 2, Rev. 1.
- SP 800-57-3 Barker EB, Dang QH (2015) Recommendation for Key Management, Part 3: Application-Specific Key Management Guidance. (National Institute of Standards and Technology, Gaithersburg, MD), NIST Special Publication (SP) 800-57 Part 3, Rev. 1.
- SP 800-111 Scarfone KA, Souppaya MP, Sexton M (2007) Guide to Storage Encryption Technologies for End User Devices. (National Institute of Standards and Technology, Gaithersburg, MD), NIST Special Publication (SP) 800-111.
- SP 800-124 Souppaya MP, Scarfone KA (2013) Guidelines for Managing the Security of Mobile Devices in the Enterprise. (National Institute of Standards and Technology, Gaithersburg, MD), NIST Special Publication (SP) 800-124, Rev. 1.
Control Enhancements
- SC-28(01) Cryptographic Protection
- SC-28(02) Offline Storage
- SC-28(03) Cryptographic Keys
Related controls
- AC-03 Access Enforcement
- AC-04 Information Flow Enforcement
- AC-06 Least Privilege
- AC-19 Access Control for Mobile Devices
- CA-07 Continuous Monitoring
- CM-03 Configuration Change Control
- CM-05 Access Restrictions for Change
- CM-06 Configuration Settings
- CP-09 System Backup
- MP-04 Media Storage
- MP-05 Media Transport
- PE-03 Physical Access Control
- SC-08 Transmission Confidentiality and Integrity
- SC-12 Cryptographic Key Establishment and Management
- SC-13 Cryptographic Protection
- SC-34 Non-modifiable Executable Programs
- SI-03 Malicious Code Protection
- SI-07 Software, Firmware, and Information Integrity
- SI-16 Memory Protection