SC-28-727 Protection of Information at Rest

Protection of Information at Rest

Protection of Information at Rest
System and Communications Protection
Sensitive data is exposed to unauthorized disclosure or modification while in storage.
The information system protects the [Selection (one or more): confidentiality; integrity] of [Assignment: organization-defined information at rest].
Information is protected while at rest, through encryption or other security mechanism.
No statewide control
Obtain system and communications protection policy; procedures addressing protection of information at rest; information system design documentation; information system configuration settings and associated documentation; cryptographic mechanisms and associated configuration documentation; list of information at rest requiring confidentiality and integrity protections; other relevant documents or records and ascertain if: (I) if the information system protects the confidentiality and integrity of information at rest.