SC-28: Protection Of Information At Rest

Generated

2019-04-12 13:01:48.067729

Status

Statements

The information system protects the [Selection (one or more): confidentiality; integrity] of [Assignment: organization-defined information at rest].

STIG

STIG #	Description	Result
V-72995	PostgreSQL must protect the confidentiality and integrity of all information at rest.	passed
V-73003	PostgreSQL must implement cryptographic mechanisms to prevent unauthorized modification of organization-defined information at rest (to include, at a minimum, PII and classified information) on organization-defined information system components.	passed
V-73035	PostgreSQL must implement cryptographic mechanisms preventing the unauthorized disclosure of organization-defined information at rest on organization-defined information system components.	passed

Additional Guidance

This control addresses the confidentiality and integrity of information at rest and covers user information and system information. Information at rest refers to the state of information when it is located on storage devices as specific components of information systems. System-related information requiring protection includes, for example, configurations or rule sets for firewalls, gateways, intrusion detection/prevention systems, filtering routers, and authenticator content. Organizations may employ different mechanisms to achieve confidentiality and integrity protections, including the use of cryptographic mechanisms and file share scanning. Integrity protection can be achieved, for example, by implementing Write-Once-Read-Many (WORM) technologies. Organizations may also employ other security controls including, for example, secure off-line storage in lieu of online storage when adequate protection of information at rest cannot otherwise be achieved and/or continuous monitoring to identify malicious code at rest.

Related Controls

• AC-3
• AC-6
• CA-7
• CM-3
• CM-5
• CM-6
• PE-3
• SC-8
• SC-13
• SI-3
• SI-7