800-53|SC-28(1)

Title

CRYPTOGRAPHIC PROTECTION

Description

The information system implements cryptographic mechanisms to prevent unauthorized disclosure and modification of [Assignment: organization-defined information] on [Assignment: organization-defined information system components].

Supplemental

Selection of cryptographic mechanisms is based on the need to protect the confidentiality and integrity of organizational information. The strength of mechanism is commensurate with the security category and/or classification of the information. This control enhancement applies to significant concentrations of digital media in organizational areas designated for media storage and also to limited quantities of media generally associated with information system components in operational environments (e.g., portable storage devices, mobile devices). Organizations have the flexibility to either encrypt all information on storage devices (i.e., full disk encryption) or encrypt specific data structures (e.g., files, records, or fields). Organizations employing cryptographic mechanisms to protect information at rest also consider cryptographic key management solutions.

Reference Item Details

Related: AC-19, SC-12

Category: SYSTEM AND COMMUNICATIONS PROTECTION

Parent Title: PROTECTION OF INFORMATION AT REST

Family: SYSTEM AND COMMUNICATIONS PROTECTION

Audit Items


Name | Plugin | Audit Name
1.1.3 Ensure 'Master Key Passphrase' is set | Cisco | CIS Cisco ASA 9.x Firewall L1 v1.1.0
1.1.6 (L1) Ensure 'Store passwords using reversible encryption' is set to 'Disabled' | Windows | CIS Windows Server 2012 DC L1 v3.0.0
1.1.6 (L1) Ensure 'Store passwords using reversible encryption' is set to 'Disabled' | Windows | CIS Microsoft Windows Server 2008 R2 Member Server Level 1 v3.3.1
1.1.6 (L1) Ensure 'Store passwords using reversible encryption' is set to 'Disabled' | Windows | CIS Microsoft Windows Server 2008 Domain Controller Level 1 v3.3.1
1.1.6 (L1) Ensure 'Store passwords using reversible encryption' is set to 'Disabled' | Windows | CIS Microsoft Windows Server 2008 Member Server Level 1 v3.3.1
1.1.6 (L1) Ensure 'Store passwords using reversible encryption' is set to 'Disabled' | Windows | CIS Azure Compute Microsoft Windows Server 2019 v1.0.0 L1 DC
1.1.6 (L1) Ensure 'Store passwords using reversible encryption' is set to 'Disabled' | Windows | CIS Microsoft Windows Server 2016 v3.0.0 L1 MS
1.1.6 (L1) Ensure 'Store passwords using reversible encryption' is set to 'Disabled' | Windows | CIS Microsoft Windows Server 2019 Stand-alone v2.0.0 L1 MS
1.1.6 (L1) Ensure 'Store passwords using reversible encryption' is set to 'Disabled' | Windows | CIS Azure Compute Microsoft Windows Server 2019 v1.0.0 L1 MS
1.1.6 (L1) Ensure 'Store passwords using reversible encryption' is set to 'Disabled' | Windows | CIS Windows Server 2012 R2 MS L1 v3.0.0
1.1.6 (L1) Ensure 'Store passwords using reversible encryption' is set to 'Disabled' | Windows | CIS Windows Server 2012 R2 DC L1 v3.0.0
1.1.6 (L1) Ensure 'Store passwords using reversible encryption' is set to 'Disabled' | Windows | CIS Microsoft Windows Server 2008 R2 Domain Controller Level 1 v3.3.1
1.1.6 (L1) Ensure 'Store passwords using reversible encryption' is set to 'Disabled' | Windows | CIS Microsoft Windows Server 2019 v3.0.1 L1 DC
1.1.6 (L1) Ensure 'Store passwords using reversible encryption' is set to 'Disabled' | Windows | CIS Microsoft Windows Server 2016 v3.0.0 L1 DC
1.1.6 (L1) Ensure 'Store passwords using reversible encryption' is set to 'Disabled' | Windows | CIS Windows Server 2012 MS L1 v3.0.0
1.1.6 (L1) Ensure 'Store passwords using reversible encryption' is set to 'Disabled' | Windows | CIS Microsoft Windows Server 2019 v3.0.1 L1 MS
1.1.6 Ensure 'Store passwords using reversible encryption' is set to 'Disabled' - Disabled | Windows | CIS Azure Compute Microsoft Windows Server 2022 v1.0.0 L1 DC
1.1.6 Ensure 'Store passwords using reversible encryption' is set to 'Disabled' - Disabled | Windows | CIS Azure Compute Microsoft Windows Server 2022 v1.0.0 L1 MS
1.1.7 (L1) Ensure 'Store passwords using reversible encryption' is set to 'Disabled' | Windows | CIS Microsoft Windows 11 Enterprise v3.0.0 L1
1.1.7 (L1) Ensure 'Store passwords using reversible encryption' is set to 'Disabled' | Windows | CIS Microsoft Windows 11 Enterprise v3.0.0 L1 + BL
1.1.7 (L1) Ensure 'Store passwords using reversible encryption' is set to 'Disabled' | Windows | CIS Microsoft Windows 11 Stand-alone v3.0.0 L1 + BL
1.1.7 (L1) Ensure 'Store passwords using reversible encryption' is set to 'Disabled' | Windows | CIS Microsoft Windows 10 Stand-alone v3.0.0 L1 BL NG
1.1.7 (L1) Ensure 'Store passwords using reversible encryption' is set to 'Disabled' | Windows | CIS Microsoft Windows Server 2019 STIG v2.0.0 STIG MS
1.1.7 (L1) Ensure 'Store passwords using reversible encryption' is set to 'Disabled' | Windows | CIS Microsoft Windows 10 EMS Gateway v3.0.0 L1
1.1.7 (L1) Ensure 'Store passwords using reversible encryption' is set to 'Disabled' | Windows | CIS Microsoft Windows 10 Enterprise v3.0.0 L1
1.1.7 (L1) Ensure 'Store passwords using reversible encryption' is set to 'Disabled' | Windows | CIS Microsoft Windows 10 Enterprise v3.0.0 L1 + BL + NG
1.1.7 (L1) Ensure 'Store passwords using reversible encryption' is set to 'Disabled' | Windows | CIS Microsoft Windows 10 Enterprise v3.0.0 L1 + NG
1.1.7 (L1) Ensure 'Store passwords using reversible encryption' is set to 'Disabled' | Windows | CIS Microsoft Windows Server 2022 v3.0.0 L1 Domain Controller
1.1.7 (L1) Ensure 'Store passwords using reversible encryption' is set to 'Disabled' | Windows | CIS Microsoft Windows Server 2019 STIG v2.0.0 L1 MS
1.1.7 (L1) Ensure 'Store passwords using reversible encryption' is set to 'Disabled' | Windows | CIS Microsoft Windows Server 2019 STIG v2.0.0 STIG DC
1.1.7 (L1) Ensure 'Store passwords using reversible encryption' is set to 'Disabled' | Windows | CIS Microsoft Windows 11 Stand-alone v3.0.0 L1
1.1.7 (L1) Ensure 'Store passwords using reversible encryption' is set to 'Disabled' | Windows | CIS Microsoft Windows Server 2022 v3.0.0 L1 Member Server
1.1.7 (L1) Ensure 'Store passwords using reversible encryption' is set to 'Disabled' | Windows | CIS Microsoft Windows 10 Stand-alone v3.0.0 L1
1.1.7 (L1) Ensure 'Store passwords using reversible encryption' is set to 'Disabled' | Windows | CIS Microsoft Windows 10 Stand-alone v3.0.0 L1 BL
1.1.7 (L1) Ensure 'Store passwords using reversible encryption' is set to 'Disabled' | Windows | CIS Microsoft Windows 10 Stand-alone v3.0.0 L1 NG
1.1.7 (L1) Ensure 'Store passwords using reversible encryption' is set to 'Disabled' | Windows | CIS Microsoft Windows Server 2019 STIG v2.0.0 L1 DC
1.1.7 (L1) Ensure 'Store passwords using reversible encryption' is set to 'Disabled' | Windows | CIS Microsoft Windows 10 Enterprise v3.0.0 L1 + BL
1.1.7 Ensure 'Store passwords using reversible encryption' is set to 'Disabled' | Windows | CIS Microsoft Windows Server 2022 STIG v1.0.0 STIG MS
1.1.7 Ensure 'Store passwords using reversible encryption' is set to 'Disabled' | Windows | CIS Microsoft Windows Server 2022 STIG v1.0.0 L1 DC
1.1.7 Ensure 'Store passwords using reversible encryption' is set to 'Disabled' | Windows | CIS Microsoft Windows Server 2022 STIG v1.0.0 STIG DC
1.1.7 Ensure 'Store passwords using reversible encryption' is set to 'Disabled' | Windows | CIS Microsoft Windows Server 2022 STIG v1.0.0 L1 MS
1.1.7 Ensure 'Store passwords using reversible encryption' is set to 'Disabled' | Windows | CIS Microsoft Windows Server 2016 STIG v3.0.0 L1 Domain Controller
1.1.7 Ensure 'Store passwords using reversible encryption' is set to 'Disabled' | Windows | CIS Microsoft Windows Server 2016 STIG v3.0.0 L1 MS
1.1.7 Ensure 'Store passwords using reversible encryption' is set to 'Disabled' | Windows | CIS Microsoft Windows Server 2016 STIG v3.0.0 STIG DC
1.1.7 Ensure 'Store passwords using reversible encryption' is set to 'Disabled' | Windows | CIS Microsoft Windows Server 2016 STIG v3.0.0 STIG MS
1.2.23 Ensure that the --etcd-certfile and --etcd-keyfile arguments are set as appropriate | Unix | CIS Kubernetes v1.10.0 L1 Master
1.2.25 Ensure that the --etcd-certfile and --etcd-keyfile arguments are set as appropriate - certfile | Unix | CIS Kubernetes v1.24 Benchmark v1.0.0 L1 Master
1.2.25 Ensure that the --etcd-certfile and --etcd-keyfile arguments are set as appropriate - certfile | Unix | CIS Kubernetes v1.23 Benchmark v1.0.1 L1 Master
1.10 Ensure KMS Encryption Keys Are Rotated Within a Period of 90 Days | GCP | CIS Google Cloud Platform v3.0.0 L1
1.17 Ensure Secrets are Not Stored in Cloud Functions Environment Variables by Using Secret Manager | GCP | CIS Google Cloud Platform v3.0.0 L1