💼 SC-28(1) Protection of Information at Rest | Cryptographic Protection

• Contextual name: 💼 SC-28(1) Protection of Information at Rest | Cryptographic Protection
• ID: /frameworks/nist-sp-800-53-r5/sc/28/01
• Located in: 💼 SC-28 Protection of Information at Rest

Description

Implement cryptographic mechanisms to prevent unauthorized disclosure and modification of the following information at rest on [Assignment: organization-defined system components or media]: [Assignment: organization-defined information].

Similar

• Sections
  • /frameworks/aws-fsbp-v1.0.0/api-gateway/05
  • /frameworks/aws-fsbp-v1.0.0/cloudtrail/02
  • /frameworks/aws-fsbp-v1.0.0/codebuild/03
  • /frameworks/aws-fsbp-v1.0.0/documentdb/01
  • /frameworks/aws-fsbp-v1.0.0/dynamodb/03
  • /frameworks/aws-fsbp-v1.0.0/ec2/03
  • /frameworks/aws-fsbp-v1.0.0/ec2/07
  • /frameworks/aws-fsbp-v1.0.0/efs/01
  • /frameworks/aws-fsbp-v1.0.0/elasticache/04
  • /frameworks/aws-fsbp-v1.0.0/es/01
  • /frameworks/aws-fsbp-v1.0.0/kinesis/01
  • /frameworks/aws-fsbp-v1.0.0/neptune/01
  • /frameworks/aws-fsbp-v1.0.0/neptune/06
  • /frameworks/aws-fsbp-v1.0.0/opensearch/01
  • /frameworks/aws-fsbp-v1.0.0/rds/03
  • /frameworks/aws-fsbp-v1.0.0/rds/04
  • /frameworks/aws-fsbp-v1.0.0/rds/27
  • /frameworks/aws-fsbp-v1.0.0/redshift/10
  • /frameworks/aws-fsbp-v1.0.0/sqs/01
• Internal
  • ID: dec-c-d290bbe3

Similar Sections (Take Policies From)

Section	Sub Sections	Internal Rules	Policies	Flags
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [APIGateway.5] API Gateway REST API cache data should be encrypted at rest
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [CloudTrail.2] CloudTrail should have encryption at-rest enabled			1
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [CodeBuild.3] CodeBuild S3 logs should be encrypted
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [DocumentDB.1] Amazon DocumentDB clusters should be encrypted at rest
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [DynamoDB.3] DynamoDB Accelerator (DAX) clusters should be encrypted at rest		1	1
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [EC2.3] Attached Amazon EBS volumes should be encrypted at-rest			1
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [EC2.7] EBS default encryption should be enabled		1	1
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [EFS.1] Elastic File System should be configured to encrypt file data at-rest using AWS KMS		1	1
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [ElastiCache.4] ElastiCache replication groups should be encrypted at rest
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [ES.1] Elasticsearch domains should have encryption at-rest enabled
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [Kinesis.1] Kinesis streams should be encrypted at rest
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [Neptune.1] Neptune DB clusters should be encrypted at rest
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [Neptune.6] Neptune DB cluster snapshots should be encrypted at rest
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [Opensearch.1] OpenSearch domains should have encryption at rest enabled
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [RDS.3] RDS DB instances should have encryption at-rest enabled		1	1
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [RDS.4] RDS cluster snapshots and database snapshots should be encrypted at rest
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [RDS.27] RDS DB clusters should be encrypted at rest
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [Redshift.10] Redshift clusters should be encrypted at rest
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [SQS.1] Amazon SQS queues should be encrypted at rest

Similar Sections (Give Policies To)

Section	Sub Sections	Internal Rules	Policies	Flags
💼 FedRAMP High Security Controls → 💼 SC-28(1) Cryptographic Protection (L)(M)(H)		5	14
💼 FedRAMP Low Security Controls → 💼 SC-28(1) Cryptographic Protection (L)(M)(H)			14

Sub Sections

Section	Sub Sections	Internal Rules	Policies	Flags

Policies (14)

Policy	Logic Count	Flags
📝 AWS Account EBS Volume Encryption Attribute is not enabled in all regions 🟢	1	🟢 x6
📝 AWS CloudTrail is not encrypted with KMS CMK 🟢	1	🟢 x6
📝 AWS DAX Cluster Server-Side Encryption is not enabled 🟢	1	🟢 x6
📝 AWS EBS Attached Volume is not encrypted 🟢	1	🟢 x6
📝 AWS EFS File System encryption is not enabled 🟢	1	🟢 x6
📝 AWS KMS Symmetric CMK Rotation is not enabled 🟢	1	🟢 x6
📝 AWS RDS Instance Encryption is not enabled 🟢	1	🟢 x6
📝 Azure Diagnostic Setting Logs export to Storage Account not encrypted with Customer-managed key 🟢	1	🟢 x6
📝 Azure PostgreSQL Single Server Infrastructure Double Encryption is not enabled 🟢	1	🟢 x6
📝 Azure SQL Server Transparent Data Encryption Protector is not encrypted with Customer-managed key 🟢	1	🟢 x6
📝 Azure Storage Account Require Infrastructure Encryption is not enabled 🟢	1	🟢 x6
📝 Azure Unattached Managed Disk is not encrypted with Customer-managed key 🟢	1	🟢 x6
📝 Azure Virtual Machine is not utilizing Managed Disks 🟢	1	🟢 x6
📝 Azure Virtual Machine OS and Data disks are not encrypted with Customer-managed key 🟢	1	🟢 x6

Internal Rules

Rule	Policies	Flags
✉️ dec-x-0bdcd276	1
✉️ dec-x-4d6fee7a	1
✉️ dec-x-5c3c2067	1
✉️ dec-x-6ba5ecd2	1
✉️ dec-x-6ed26167	1
✉️ dec-x-9cdb7407	1
✉️ dec-x-230b5e35	1
✉️ dec-x-588af79c	1
✉️ dec-x-c2bf987a	1
✉️ dec-x-f63fd4f0	1