3.11: Encrypt Sensitive Data at Rest
CSF v1.1 References:
PF v1.0 References:
Incorporates the following controls from the previous version: 14.8: Encrypt Sensitive Information at Rest, 16.4: Encrypt or Hash all Authentication Credentials.
Encrypt sensitive data at rest on servers, applications, and databases containing sensitive data. Storage-layer encryption, also known as server-side encryption, meets the minimum requirement of this Safeguard. Additional encryption methods may include application-layer encryption, also known as client-side encryption, where access to the data storage device(s) does not permit access to the plain-text data.
[csf.tools Note: For more information on the Critical Security Controls, visit the Center for Internet Security.]