Skip to main content

πŸ’Ό SC-28 Protection of Information at Rest (L)(M)(H)

  • Contextual name: πŸ’Ό SC-28 Protection of Information at Rest (L)(M)(H)
  • ID: /frameworks/fedramp-moderate-security-controls/sc/28
  • Located in: πŸ’Ό System and Communications Protection

Description​

Protect the [FedRAMP Assignment: confidentiality AND integrity] of the following information at rest: [Assignment: organization-defined information at rest].

SC-28 Additional FedRAMP Requirements and Guidance:

Guidance: The organization supports the capability to use cryptographic mechanisms to protect information at rest.

Guidance: When leveraging encryption from underlying IaaS/PaaS: While some IaaS/PaaS services provide encryption by default, many require encryption to be configured, and enabled by the customer. The CSP has the responsibility to verify encryption is properly configured.

Guidance: Note that this enhancement requires the use of cryptography in accordance with SC-13.

Similar​

  • Sections
    • /frameworks/fedramp-high-security-controls/sc/28
  • Internal
    • ID: dec-c-ae145ea2

Similar Sections (Take Policies From)​

SectionSub SectionsInternal RulesPoliciesFlags
πŸ’Ό FedRAMP High Security Controls β†’ πŸ’Ό SC-28 Protection of Information at Rest (L)(M)(H)1717

Sub Sections​

SectionSub SectionsInternal RulesPoliciesFlags
πŸ’Ό SC-28(1) Cryptographic Protection (L)(M)(H)12

Policies (15)​

PolicyLogic CountFlags
πŸ“ AWS Account EBS Volume Encryption Attribute is not enabled in all regions 🟒1🟒 x6
πŸ“ AWS CloudTrail is not encrypted with KMS CMK 🟒1🟒 x6
πŸ“ AWS EFS File System encryption is not enabled 🟒1🟒 x6
πŸ“ AWS RDS Instance Encryption is not enabled 🟒1🟒 x6
πŸ“ Azure App Service FTP deployments are not disabled 🟒1🟒 x6
πŸ“ Azure Diagnostic Setting Logs export to Storage Account not encrypted with Customer-managed key 🟒1🟒 x6
πŸ“ Azure MySQL Flexible Server require_secure_transport Parameter is not set to ON 🟒1🟒 x6
πŸ“ Azure PostgreSQL Flexible Server require_secure_transport Parameter is not set to ON 🟒1🟒 x6
πŸ“ Azure PostgreSQL Single Server Enforce SSL Connection is not set enabled 🟒1🟒 x6
πŸ“ Azure PostgreSQL Single Server Infrastructure Double Encryption is not enabled 🟒1🟒 x6
πŸ“ Azure SQL Server Transparent Data Encryption Protector is not encrypted with Customer-managed key 🟒1🟒 x6
πŸ“ Azure Storage Account Require Infrastructure Encryption is not enabled 🟒1🟒 x6
πŸ“ Azure Storage Account With Critical Data is not encrypted with customer managed key 🟒🟒 x3
πŸ“ Azure Virtual Machine OS and Data disks are not encrypted with Customer-managed key 🟒1🟒 x6
πŸ“ Unattached Azure Managed Disk is not encrypted with Customer-managed key 🟒1🟒 x6