SC-28 (1)

System and Communications ProtectionRev 5system

Cryptographic Protection

Baselines:ModerateHigh

Control Statement

Implement cryptographic mechanisms to prevent unauthorized disclosure and modification of the following information at rest on [Assignment: system components or media]: [Assignment: information].

Supplemental Guidance

The selection of cryptographic mechanisms is based on the need to protect the confidentiality and integrity of organizational information. The strength of mechanism is commensurate with the security category or classification of the information. Organizations have the flexibility to encrypt information on system components or media or encrypt data structures, including files, records, or fields.

Related Controls (3)

AC-19 SC-12 SC-13

CCI Identifiers (6)

CCI-002473Defines the information at rest for which cryptographic mechanisms will be implemented.CCI-002474Defines the system components which require the implementation of cryptographic mechanisms to prevent unauthorized disclosure and modification of organization-defined information at rest.CCI-002475Implement cryptographic mechanisms to prevent unauthorized modification of organization-defined information at rest on organization-defined system components.CCI-002476Implement cryptographic mechanisms to prevent unauthorized disclosure of organization-defined information at rest on organization-defined system components.CCI-001200The organization employs cryptographic mechanisms to prevent unauthorized disclosure of information at rest unless otherwise protected by alternative physical measures.CCI-001666The organization employs cryptographic mechanisms to prevent unauthorized modification of information at rest unless otherwise protected by alternative physical measures.

Linked STIG Checks (129)

Across 89 STIGs. Click to expand.