SC-28(1): Cryptographic Protection

Control Family:

System and Communications Protection

Parent Control:

SC-28: Protection of Information at Rest

CSF v1.1 References:

PR.DS-1

Threats Addressed:

Baselines:

Moderate
High

Previous Version:

NIST Special Publication 800-53 Revision 4:
SC-28(1): Cryptographic Protection

Incorporates the following control from the previous version: MP-5(4): Cryptographic Protection.

Control Statement

Implement cryptographic mechanisms to prevent unauthorized disclosure and modification of the following information at rest on [Assignment: organization-defined system components or media]: [Assignment: organization-defined information].

Supplemental Guidance

The selection of cryptographic mechanisms is based on the need to protect the confidentiality and integrity of organizational information. The strength of mechanism is commensurate with the security category or classification of the information. Organizations have the flexibility to encrypt information on system components or media or encrypt data structures, including files, records, or fields.

Control Statement

Supplemental Guidance

Related Controls

NIST Special Publication 800-53 Revision 5

Critical Security Controls Version 8

Critical Security Controls Version 7.1