SC-28 Protection of Information at Rest

GPTKB entity

Statements (48)
Predicate Object
gptkbp:instanceOf gptkb:NIST_Special_Publication
gptkbp:address Confidentiality
  Integrity
gptkbp:appliesTo Federal information systems
  Data stored in cloud environments
  Data stored in databases
  Data stored in file systems
  Data stored on backup media
  Data stored on digital media
  Data stored on portable devices
  All federal information systems except those designated as National Security Systems
gptkbp:category Technical Control
gptkbp:compatibleWith Federal agencies must comply with SC-28
gptkbp:controlIdentifier SC-28
gptkbp:doesNotRegulate Availability
gptkbp:family gptkb:System_and_Communications_Protection_(SC)
gptkbp:firstPublished 2005
https://www.w3.org/2000/01/rdf-schema#label SC-28 Protection of Information at Rest
gptkbp:improves SC-28(1) Cryptographic Protection
  SC-28(2) Off-line Storage
  SC-28(3) Use of Non-organizational Storage Devices
  SC-28(4) Cryptographic Key Management
gptkbp:latestReleaseVersion 2020
gptkbp:mandate Organizations must protect information at rest using approved security measures
gptkbp:mitigatedBy Data theft
  Data breach
  Insider threat
  Loss of confidentiality
  Loss of integrity
gptkbp:partOf gptkb:NIST_SP_800-53_Revision_5
gptkbp:publishedBy gptkb:National_Institute_of_Standards_and_Technology_(NIST)
gptkbp:purpose Protect the confidentiality and integrity of information at rest
gptkbp:relatedStandard gptkb:PCI_DSS
  gptkb:FedRAMP
  gptkb:ISO/IEC_27001
  gptkb:HIPAA_Security_Rule
  CJIS Security Policy
gptkbp:relatedTo gptkb:FIPS_140-3
  gptkb:NIST_SP_800-53A
  gptkb:FIPS_199
  gptkb:FIPS_200
  NIST SP 800-111
gptkbp:requires Employ cryptographic mechanisms to protect information at rest
gptkbp:securityObjective Protect sensitive data from unauthorized modification
  Protect sensitive data from unauthorized disclosure
gptkbp:status Current
gptkbp:bfsParent gptkb:System_and_Communications_Protection_(SC)
gptkbp:bfsLayer 7