💼 SC-28 Protection of Information at Rest (L)(M)(H)

Contextual name: 💼 SC-28 Protection of Information at Rest (L)(M)(H)
ID: /frameworks/fedramp-high-security-controls/sc/28
Located in: 💼 System and Communications Protection

Description

Protect the [FedRAMP Assignment: confidentiality AND integrity] of the following information at rest: [Assignment: organization-defined information at rest].

SC-28 Additional FedRAMP Requirements and Guidance:

Guidance: The organization supports the capability to use cryptographic mechanisms to protect information at rest.

Guidance: When leveraging encryption from underlying IaaS/PaaS: While some IaaS/PaaS services provide encryption by default, many require encryption to be configured, and enabled by the customer. The CSP has the responsibility to verify encryption is properly configured.

Guidance: Note that this enhancement requires the use of cryptography in accordance with SC-13.

Similar

Sections
- /frameworks/nist-sp-800-53-r5/sc/28
Internal
- ID: dec-c-ae145ea2

Similar Sections (Take Policies From)

Section	Sub Sections	Internal Rules	Policies	Flags
💼 NIST SP 800-53 Revision 5 → 💼 SC-28 Protection of Information at Rest	3	15	18

Similar Sections (Give Policies To)

Section	Sub Sections	Internal Rules	Policies	Flags
💼 FedRAMP Low Security Controls → 💼 SC-28 Protection of Information at Rest (L)(M)(H)	1		17
💼 FedRAMP Moderate Security Controls → 💼 SC-28 Protection of Information at Rest (L)(M)(H)	1		17

Sub Sections

Section	Sub Sections	Internal Rules	Policies	Flags
💼 SC-28(1) Cryptographic Protection (L)(M)(H)		5	12

Policies (15)

Policy	Logic Count	Flags
📝 AWS Account EBS Volume Encryption Attribute is not enabled in all regions 🟢	1	🟢 x6
📝 AWS CloudTrail is not encrypted with KMS CMK 🟢	1	🟢 x6
📝 AWS EFS File System encryption is not enabled 🟢	1	🟢 x6
📝 AWS RDS Instance Encryption is not enabled 🟢	1	🟢 x6
📝 Azure App Service FTP deployments are not disabled 🟢	1	🟢 x6
📝 Azure Diagnostic Setting Logs export to Storage Account not encrypted with Customer-managed key 🟢	1	🟢 x6
📝 Azure MySQL Flexible Server require_secure_transport Parameter is not set to ON 🟢	1	🟢 x6
📝 Azure PostgreSQL Flexible Server require_secure_transport Parameter is not set to ON 🟢	1	🟢 x6
📝 Azure PostgreSQL Single Server Enforce SSL Connection is not set enabled 🟢	1	🟢 x6
📝 Azure PostgreSQL Single Server Infrastructure Double Encryption is not enabled 🟢	1	🟢 x6
📝 Azure SQL Server Transparent Data Encryption Protector is not encrypted with Customer-managed key 🟢	1	🟢 x6
📝 Azure Storage Account Require Infrastructure Encryption is not enabled 🟢	1	🟢 x6
📝 Azure Storage Account With Critical Data is not encrypted with customer managed key 🟢		🟢 x3
📝 Azure Virtual Machine OS and Data disks are not encrypted with Customer-managed key 🟢	1	🟢 x6
📝 Unattached Azure Managed Disk is not encrypted with Customer-managed key 🟢	1	🟢 x6

Internal Rules

Rule	Policies	Flags
✉️ dec-x-0bdcd276	1
✉️ dec-x-5c3c2067	1
✉️ dec-x-6ba5ecd2	1
✉️ dec-x-9cdb7407	1
✉️ dec-x-966d3183	1
✉️ dec-x-aef11ebd	1
✉️ dec-x-f63fd4f0	1

Description​

Similar​

Similar Sections (Take Policies From)​

Similar Sections (Give Policies To)​

Sub Sections​

Policies (15)​

Internal Rules​