PR.DS-01: The confidentiality, integrity, and availability of data-at-rest are protected

Previous Version:


[ Note: Subcategories do not have detailed descriptions. However NIST has provided the following implementation examples.]

Implementation Examples

1st: 1st Party Risk

Ex1: Use encryption, digital signatures, and cryptographic hashes to protect the confidentiality and integrity of stored data in files, databases, virtual machine disk images, container images, and other resources

Ex2: Use full disk encryption to protect data stored on user endpoints

Ex3: Confirm the integrity of software by validating signatures

Ex4: Restrict the use of removable media to prevent data exfiltration

Ex5: Physically secure removable media containing unencrypted sensitive information, such as within locked offices or file cabinets