SC-28 Protection of Information at Rest

URI: https://gptkb.org/entity/SC-28_Protection_of_Information_at_Rest

GPTKB entity

Statements (48)

Predicate	Object
gptkbp:instanceOf	gptkb:NIST_Special_Publication
gptkbp:address	Confidentiality Integrity
gptkbp:appliesTo	Federal information systems Data stored in cloud environments Data stored in databases Data stored in file systems Data stored on backup media Data stored on digital media Data stored on portable devices All federal information systems except those designated as National Security Systems
gptkbp:category	Technical Control
gptkbp:compatibleWith	Federal agencies must comply with SC-28
gptkbp:controlIdentifier	SC-28
gptkbp:doesNotRegulate	Availability
gptkbp:family	gptkb:System_and_Communications_Protection_(SC)
gptkbp:firstPublished	2005
https://www.w3.org/2000/01/rdf-schema#label	SC-28 Protection of Information at Rest
gptkbp:improves	SC-28(1) Cryptographic Protection SC-28(2) Off-line Storage SC-28(3) Use of Non-organizational Storage Devices SC-28(4) Cryptographic Key Management
gptkbp:latestReleaseVersion	2020
gptkbp:mandate	Organizations must protect information at rest using approved security measures
gptkbp:mitigatedBy	Data theft Data breach Insider threat Loss of confidentiality Loss of integrity
gptkbp:partOf	gptkb:NIST_SP_800-53_Revision_5
gptkbp:publishedBy	gptkb:National_Institute_of_Standards_and_Technology_(NIST)
gptkbp:purpose	Protect the confidentiality and integrity of information at rest
gptkbp:relatedStandard	gptkb:PCI_DSS gptkb:FedRAMP gptkb:ISO/IEC_27001 gptkb:HIPAA_Security_Rule CJIS Security Policy
gptkbp:relatedTo	gptkb:FIPS_140-3 gptkb:NIST_SP_800-53A gptkb:FIPS_199 gptkb:FIPS_200 NIST SP 800-111
gptkbp:requires	Employ cryptographic mechanisms to protect information at rest
gptkbp:securityObjective	Protect sensitive data from unauthorized modification Protect sensitive data from unauthorized disclosure
gptkbp:status	Current
gptkbp:bfsParent	gptkb:System_and_Communications_Protection_(SC)
gptkbp:bfsLayer	7