Skip to main content

💼 PR.DS-1: Data-at-rest is protected

  • ID: /frameworks/nist-csf-v1.1/pr-ds/01

Description

Empty...

Similar

  • Sections
    • /frameworks/iso-iec-27001-2013/08/02/03
    • /frameworks/nist-sp-800-53-r4/mp/08
    • /frameworks/nist-sp-800-53-r4/sc/12
    • /frameworks/nist-sp-800-53-r4/sc/28
  • Internal
    • ID: dec-c-f1052246

Similar Sections (Take Policies From)

SectionSub SectionsInternal RulesPoliciesFlagsCompliance
💼 ISO/IEC 27001:2013 → 💼 A.8.2.3 Handling of assets5no data
💼 NIST SP 800-53 Revision 4 → 💼 MP-8 MEDIA DOWNGRADING4no data
💼 NIST SP 800-53 Revision 4 → 💼 SC-12 CRYPTOGRAPHIC KEY ESTABLISHMENT AND MANAGEMENT545no data
💼 NIST SP 800-53 Revision 4 → 💼 SC-28 PROTECTION OF INFORMATION AT REST233no data

Similar Sections (Give Policies To)

SectionSub SectionsInternal RulesPoliciesFlagsCompliance
💼 NIST CSF v2.0 → 💼 PR.DS-01: The confidentiality, integrity, and availability of data-at-rest are protected148no data

Sub Sections

SectionSub SectionsInternal RulesPoliciesFlagsCompliance

Policies (30)

PolicyLogic CountFlagsCompliance
🛡️ AWS Account EBS Volume Encryption Attribute is not enabled in all regions🟢1🟢 x6no data
🛡️ AWS Account Root User has active access keys🟢1🟢 x6no data
🛡️ AWS EFS File System encryption is not enabled🟢1🟢 x6no data
🛡️ AWS IAM User Access Keys are not rotated every 90 days or less🟢1🟢 x6no data
🛡️ AWS IAM User has more than one active access key🟢1🟢 x6no data
🛡️ AWS IAM User with console and programmatic access set during the initial creation🟢⚪🟢 x2, ⚪ x1no data
🛡️ AWS KMS Symmetric CMK Rotation is not enabled🟢1🟢 x6no data
🛡️ AWS RDS Instance Encryption is not enabled🟢1🟢 x6no data
🛡️ Azure Diagnostic Setting Logs export to Storage Account not encrypted with Customer-managed key🟢1🟢 x6no data
🛡️ Azure Key Vault Soft Delete and Purge Protection functions are not enabled🟢1🟢 x6no data
🛡️ Azure MySQL Flexible Server require_secure_transport Parameter is not set to ON🟢1🟢 x6no data
🛡️ Azure Non-RBAC Key Vault stores Keys without expiration date🟢1🟢 x6no data
🛡️ Azure Non-RBAC Key Vault stores Secrets without expiration date🟢1🟢 x6no data
🛡️ Azure RBAC Key Vault stores Keys without expiration date🟢1🟢 x6no data
🛡️ Azure RBAC Key Vault stores Secrets without expiration date🟢1🟢 x6no data
🛡️ Azure SQL Server Transparent Data Encryption Protector is not encrypted with Customer-managed key🟢1🟢 x6no data
🛡️ Azure Storage Account With Critical Data is not encrypted with customer managed key🟢⚪🟢 x2, ⚪ x1no data
🛡️ Azure Unattached Managed Disk is not encrypted with Customer-managed key🟢1🟢 x6no data
🛡️ Azure Virtual Machine OS and Data disks are not encrypted with Customer-managed key🟢1🟢 x6no data
🛡️ Google BigQuery Dataset is anonymously or publicly accessible🟢1🟢 x6no data
🛡️ Google BigQuery Dataset is not encrypted with Customer-Managed Encryption Key (CMEK)🟢1🟢 x6no data
🛡️ Google BigQuery Table is not encrypted with Customer-Managed Encryption Key (CMEK)🟢1🟢 x6no data
🛡️ Google Cloud DNS Managed Zone DNSSEC is not enabled🟢1🟢 x6no data
🛡️ Google Cloud MySQL Instance allows anyone to connect with administrative privileges🟢⚪🟢 x2, ⚪ x1no data
🛡️ Google Cloud SQL Instance SSL Connections are not enforced🟢1🟢 x6no data
🛡️ Google Dataproc Cluster is not encrypted using Customer-Managed Encryption Key🟢1🟢 x6no data
🛡️ Google GCE Disk for critical VMs is not encrypted with Customer-Supplied Encryption Key (CSEK)🟢1🟢 x6no data
🛡️ Google GCE Instance Confidential Compute is not enabled🟢1🟢 x6no data
🛡️ Google Project with KMS keys has a principal with Owner role🟢1🟢 x6no data
🛡️ Google Storage Bucket is anonymously or publicly accessible🟢1🟢 x6no data

Internal Rules

RulePoliciesFlags
✉️ dec-x-0bdcd2761
✉️ dec-x-0be4dfe51
✉️ dec-x-0feec7902
✉️ dec-x-4d6fee7a1
✉️ dec-x-5c3c20671
✉️ dec-x-6ba5ecd21
✉️ dec-x-9cdb74071
✉️ dec-x-82ca41272
✉️ dec-x-230b5e351
✉️ dec-x-966d31831
✉️ dec-x-307950161
✉️ dec-x-aef11ebd1
✉️ dec-x-b10e98af1
✉️ dec-x-bcb0c78f1
✉️ dec-x-f63fd4f01