SC-28(2): Off-Line Storage

Control Family:

System And Communications Protection

Parent Control:

SC-28: Protection Of Information At Rest

Priority:

P1: Implement P1 security controls first.

CSF v1.1 References:

PR.DS-1

Threats Addressed:

Baselines:

(Not part of any baseline)

Next Version:

NIST Special Publication 800-53 Revision 5:
SC-28(2): Offline Storage

Control Statement

The organization removes from online storage and stores off-line in a secure location [Assignment: organization-defined information].

Supplemental Guidance

Removing organizational information from online information system storage to off-line storage eliminates the possibility of individuals gaining unauthorized access to the information through a network. Therefore, organizations may choose to move information to off-line storage in lieu of protecting such information in online storage.