Skip to main content

πŸ’Ό SC-28(1) Protection of Information at Rest | Cryptographic Protection

  • Contextual name: πŸ’Ό SC-28(1) Protection of Information at Rest | Cryptographic Protection
  • ID: /frameworks/nist-sp-800-53-r5/sc/28/01
  • Located in: πŸ’Ό SC-28 Protection of Information at Rest

Description​

Implement cryptographic mechanisms to prevent unauthorized disclosure and modification of the following information at rest on [Assignment: organization-defined system components or media]: [Assignment: organization-defined information].

Similar​

  • Sections
    • /frameworks/aws-fsbp-v1.0.0/api-gateway/05
    • /frameworks/aws-fsbp-v1.0.0/cloudtrail/02
    • /frameworks/aws-fsbp-v1.0.0/codebuild/03
    • /frameworks/aws-fsbp-v1.0.0/documentdb/01
    • /frameworks/aws-fsbp-v1.0.0/dynamodb/03
    • /frameworks/aws-fsbp-v1.0.0/ec2/03
    • /frameworks/aws-fsbp-v1.0.0/ec2/07
    • /frameworks/aws-fsbp-v1.0.0/efs/01
    • /frameworks/aws-fsbp-v1.0.0/elasticache/04
    • /frameworks/aws-fsbp-v1.0.0/es/01
    • /frameworks/aws-fsbp-v1.0.0/kinesis/01
    • /frameworks/aws-fsbp-v1.0.0/neptune/01
    • /frameworks/aws-fsbp-v1.0.0/neptune/06
    • /frameworks/aws-fsbp-v1.0.0/opensearch/01
    • /frameworks/aws-fsbp-v1.0.0/rds/03
    • /frameworks/aws-fsbp-v1.0.0/rds/04
    • /frameworks/aws-fsbp-v1.0.0/rds/27
    • /frameworks/aws-fsbp-v1.0.0/redshift/10
    • /frameworks/aws-fsbp-v1.0.0/sqs/01
  • Internal
    • ID: dec-c-d290bbe3

Similar Sections (Take Policies From)​

SectionSub SectionsInternal RulesPoliciesFlags
πŸ’Ό AWS Foundational Security Best Practices v1.0.0 β†’ πŸ’Ό [APIGateway.5] API Gateway REST API cache data should be encrypted at rest
πŸ’Ό AWS Foundational Security Best Practices v1.0.0 β†’ πŸ’Ό [CloudTrail.2] CloudTrail should have encryption at-rest enabled1
πŸ’Ό AWS Foundational Security Best Practices v1.0.0 β†’ πŸ’Ό [CodeBuild.3] CodeBuild S3 logs should be encrypted
πŸ’Ό AWS Foundational Security Best Practices v1.0.0 β†’ πŸ’Ό [DocumentDB.1] Amazon DocumentDB clusters should be encrypted at rest
πŸ’Ό AWS Foundational Security Best Practices v1.0.0 β†’ πŸ’Ό [DynamoDB.3] DynamoDB Accelerator (DAX) clusters should be encrypted at rest11
πŸ’Ό AWS Foundational Security Best Practices v1.0.0 β†’ πŸ’Ό [EC2.3] Attached Amazon EBS volumes should be encrypted at-rest1
πŸ’Ό AWS Foundational Security Best Practices v1.0.0 β†’ πŸ’Ό [EC2.7] EBS default encryption should be enabled11
πŸ’Ό AWS Foundational Security Best Practices v1.0.0 β†’ πŸ’Ό [EFS.1] Elastic File System should be configured to encrypt file data at-rest using AWS KMS11
πŸ’Ό AWS Foundational Security Best Practices v1.0.0 β†’ πŸ’Ό [ElastiCache.4] ElastiCache replication groups should be encrypted at rest
πŸ’Ό AWS Foundational Security Best Practices v1.0.0 β†’ πŸ’Ό [ES.1] Elasticsearch domains should have encryption at-rest enabled
πŸ’Ό AWS Foundational Security Best Practices v1.0.0 β†’ πŸ’Ό [Kinesis.1] Kinesis streams should be encrypted at rest
πŸ’Ό AWS Foundational Security Best Practices v1.0.0 β†’ πŸ’Ό [Neptune.1] Neptune DB clusters should be encrypted at rest
πŸ’Ό AWS Foundational Security Best Practices v1.0.0 β†’ πŸ’Ό [Neptune.6] Neptune DB cluster snapshots should be encrypted at rest
πŸ’Ό AWS Foundational Security Best Practices v1.0.0 β†’ πŸ’Ό [Opensearch.1] OpenSearch domains should have encryption at rest enabled
πŸ’Ό AWS Foundational Security Best Practices v1.0.0 β†’ πŸ’Ό [RDS.3] RDS DB instances should have encryption at-rest enabled11
πŸ’Ό AWS Foundational Security Best Practices v1.0.0 β†’ πŸ’Ό [RDS.4] RDS cluster snapshots and database snapshots should be encrypted at rest
πŸ’Ό AWS Foundational Security Best Practices v1.0.0 β†’ πŸ’Ό [RDS.27] RDS DB clusters should be encrypted at rest
πŸ’Ό AWS Foundational Security Best Practices v1.0.0 β†’ πŸ’Ό [Redshift.10] Redshift clusters should be encrypted at rest
πŸ’Ό AWS Foundational Security Best Practices v1.0.0 β†’ πŸ’Ό [SQS.1] Amazon SQS queues should be encrypted at rest

Similar Sections (Give Policies To)​

SectionSub SectionsInternal RulesPoliciesFlags
πŸ’Ό FedRAMP High Security Controls β†’ πŸ’Ό SC-28(1) Cryptographic Protection (L)(M)(H)514
πŸ’Ό FedRAMP Low Security Controls β†’ πŸ’Ό SC-28(1) Cryptographic Protection (L)(M)(H)14

Sub Sections​

SectionSub SectionsInternal RulesPoliciesFlags

Policies (14)​

PolicyLogic CountFlags
πŸ“ AWS Account EBS Volume Encryption Attribute is not enabled in all regions 🟒1🟒 x6
πŸ“ AWS CloudTrail is not encrypted with KMS CMK 🟒1🟒 x6
πŸ“ AWS DAX Cluster Server-Side Encryption is not enabled 🟒1🟒 x6
πŸ“ AWS EBS Attached Volume is not encrypted 🟒1🟒 x6
πŸ“ AWS EFS File System encryption is not enabled 🟒1🟒 x6
πŸ“ AWS KMS Symmetric CMK Rotation is not enabled 🟒1🟒 x6
πŸ“ AWS RDS Instance Encryption is not enabled 🟒1🟒 x6
πŸ“ Azure Diagnostic Setting Logs export to Storage Account not encrypted with Customer-managed key 🟒1🟒 x6
πŸ“ Azure PostgreSQL Single Server Infrastructure Double Encryption is not enabled 🟒1🟒 x6
πŸ“ Azure SQL Server Transparent Data Encryption Protector is not encrypted with Customer-managed key 🟒1🟒 x6
πŸ“ Azure Storage Account Require Infrastructure Encryption is not enabled 🟒1🟒 x6
πŸ“ Azure Unattached Managed Disk is not encrypted with Customer-managed key 🟒1🟒 x6
πŸ“ Azure Virtual Machine is not utilizing Managed Disks 🟒1🟒 x6
πŸ“ Azure Virtual Machine OS and Data disks are not encrypted with Customer-managed key 🟒1🟒 x6

Internal Rules​

RulePoliciesFlags
βœ‰οΈ dec-x-0bdcd2761
βœ‰οΈ dec-x-4d6fee7a1
βœ‰οΈ dec-x-5c3c20671
βœ‰οΈ dec-x-6ba5ecd21
βœ‰οΈ dec-x-6ed261671
βœ‰οΈ dec-x-9cdb74071
βœ‰οΈ dec-x-230b5e351
βœ‰οΈ dec-x-588af79c1
βœ‰οΈ dec-x-c2bf987a1
βœ‰οΈ dec-x-f63fd4f01