SC-28(1) Cryptographic Protection (L)(M)(H)
- Contextual name: SC-28(1) Cryptographic Protection (L)(M)(H)
- ID: /frameworks/fedramp-low-security-controls/sc/28/01
- Located in: SC-28 Protection of Information at Rest (L)(M)(H)
Description
Implement cryptographic mechanisms to prevent unauthorized disclosure and modification of the following information at rest on [FedRAMP Assignment: all information system components storing Federal data or system data that must be protected at the High or Moderate impact levels]: [Assignment: organization-defined information].
SC-28 (1) Additional FedRAMP Requirements and Guidance:
Guidance: Organizations should select a mode of protection that is targeted towards the relevant threat scenarios.
Examples:
A. Organizations may apply full disk encryption (FDE) to a mobile device where the primary threat is loss of the device while storage is locked.
B. For a database application housing data for a single customer, encryption at the file system level would often provide more protection than FDE against the more likely threat of an intruder on the operating system accessing the storage.
C. For a database application housing data for multiple customers, encryption with unique keys for each customer at the database record level may be more appropriate.
Similar
- Sections
/frameworks/nist-sp-800-53-r5/sc/28/01
/frameworks/fedramp-high-security-controls/sc/28/01
- Internal
- ID: dec-c-583700c7
- ID:
Similar Sections (Take Policies From)
Section | Sub Sections | Internal Rules | Policies | Flags |
---|---|---|---|---|
FedRAMP High Security Controls → SC-28(1) Cryptographic Protection (L)(M)(H) | 5 | 12 | ||
NIST SP 800-53 Revision 5 → SC-28(1) Protection of Information at Rest _ Cryptographic Protection | 10 | 12 |
Sub Sections
Section | Sub Sections | Internal Rules | Policies | Flags |
---|---|---|---|---|
Policies (12)
Policy | Logic Count | Flags |
---|---|---|
AWS Account EBS Volume Encryption Attribute is not enabled in all regions | 1 | x6 |
AWS CloudTrail is not encrypted with KMS CMK | 1 | x6 |
AWS EFS File System encryption is not enabled | 1 | x6 |
AWS KMS Symmetric CMK Rotation is not enabled | 1 | x6 |