💼 PR.DS-1: Data-at-rest is protected

• Contextual name: 💼 PR.DS-1: Data-at-rest is protected
• ID: /frameworks/nist-csf-v1.1/pr-ds/01
• Located in: 💼 Data Security (PR.DS)

Description

Empty...

Similar

• Sections
  • /frameworks/iso-iec-27001-2013/08/02/03
  • /frameworks/nist-sp-800-53-r4/mp/08
  • /frameworks/nist-sp-800-53-r4/sc/12
  • /frameworks/nist-sp-800-53-r4/sc/28
• Internal
  • ID: dec-c-f1052246

Similar Sections (Take Policies From)

Section	Sub Sections	Internal Rules	Policies	Flags
💼 ISO/IEC 27001:2013 → 💼 A.8.2.3 Handling of assets			4
💼 NIST SP 800-53 Revision 4 → 💼 MP-8 MEDIA DOWNGRADING	4
💼 NIST SP 800-53 Revision 4 → 💼 SC-12 CRYPTOGRAPHIC KEY ESTABLISHMENT AND MANAGEMENT	5	4	4
💼 NIST SP 800-53 Revision 4 → 💼 SC-28 PROTECTION OF INFORMATION AT REST	2	3	3

Similar Sections (Give Policies To)

Section	Sub Sections	Internal Rules	Policies	Flags
💼 NIST CSF v2.0 → 💼 PR.DS-01: The confidentiality, integrity, and availability of data-at-rest are protected			117

Sub Sections

Section	Sub Sections	Internal Rules	Policies	Flags

Policies (28)

Policy	Logic Count	Flags
📝 AWS Account EBS Volume Encryption Attribute is not enabled in all regions 🟢	1	🟢 x6
📝 AWS Account Root User has active access keys 🟢	1	🟢 x6
📝 AWS EFS File System encryption is not enabled 🟢	1	🟢 x6
📝 AWS IAM User Access Keys are not rotated every 90 days or less 🟢	1	🟢 x6
📝 AWS IAM User has more than one active access key 🟢	1	🟢 x6
📝 AWS IAM User with console and programmatic access set during the initial creation 🟢		🟢 x3
📝 AWS KMS Symmetric CMK Rotation is not enabled 🟢	1	🟢 x6
📝 AWS RDS Instance Encryption is not enabled 🟢	1	🟢 x6
📝 Azure Diagnostic Setting Logs export to Storage Account not encrypted with Customer-managed key 🟢	1	🟢 x6
📝 Azure Key Vault Soft Delete and Purge Protection functions are not enabled 🟢	1	🟢 x6
📝 Azure MySQL Flexible Server require_secure_transport Parameter is not set to ON 🟢	1	🟢 x6
📝 Azure Non-RBAC Key Vault stores Keys without expiration date 🟢	1	🟢 x6
📝 Azure Non-RBAC Key Vault stores Secrets without expiration date 🟢	1	🟢 x6
📝 Azure RBAC Key Vault stores Keys without expiration date 🟢	1	🟢 x6
📝 Azure RBAC Key Vault stores Secrets without expiration date 🟢	1	🟢 x6
📝 Azure SQL Server Transparent Data Encryption Protector is not encrypted with Customer-managed key 🟢	1	🟢 x6
📝 Azure Storage Account With Critical Data is not encrypted with customer managed key 🟢		🟢 x3
📝 Azure Unattached Managed Disk is not encrypted with Customer-managed key 🟢	1	🟢 x6
📝 Azure Virtual Machine OS and Data disks are not encrypted with Customer-managed key 🟢	1	🟢 x6
📝 Google BigQuery Dataset is anonymously or publicly accessible 🟢	1	🟢 x6
📝 Google BigQuery Dataset is not encrypted with Customer-Managed Encryption Key (CMEK) 🟢	1	🟢 x6
📝 Google BigQuery Table is not encrypted with Customer-Managed Encryption Key (CMEK) 🟢	1	🟢 x6
📝 Google Cloud DNS Managed Zone DNSSEC is not enabled 🟢	1	🟢 x6
📝 Google Cloud MySQL Instance allows anyone to connect with administrative privileges 🟢		🟢 x3
📝 Google Dataproc Cluster is not encrypted using Customer-Managed Encryption Key 🟢	1	🟢 x6
📝 Google GCE Disk for critical VMs is not encrypted with Customer-Supplied Encryption Key (CSEK) 🟢	1	🟢 x6
📝 Google GCE Instance Confidential Compute is not enabled 🟢	1	🟢 x6
📝 Google Storage Bucket is anonymously or publicly accessible 🟢	1	🟢 x6

Internal Rules

Rule	Policies	Flags
✉️ dec-x-0bdcd276	1
✉️ dec-x-0be4dfe5	1
✉️ dec-x-0feec790	2
✉️ dec-x-4d6fee7a	1
✉️ dec-x-5c3c2067	1
✉️ dec-x-6ba5ecd2	1
✉️ dec-x-9cdb7407	1
✉️ dec-x-82ca4127	2
✉️ dec-x-230b5e35	1
✉️ dec-x-966d3183	1
✉️ dec-x-30795016	1
✉️ dec-x-aef11ebd	1
✉️ dec-x-b10e98af	1
✉️ dec-x-bcb0c78f	1
✉️ dec-x-f63fd4f0	1