Sensitive data is exposed to unauthorized disclosure or modification while in storage.
The information system protects the [Selection (one or more): confidentiality; integrity] of [Assignment: organization-defined information at rest].
Information is protected while at rest, through encryption or other security mechanism.
No statewide control
Obtain system and communications protection policy; procedures addressing protection of information at rest; information system design documentation; information system configuration settings and associated documentation; cryptographic mechanisms and associated configuration documentation; list of information at rest requiring confidentiality and integrity protections; other relevant documents or records and ascertain if:
(I) if the information system protects the confidentiality and integrity of information at rest.
