GLBA · Elements of the information security program
§314.4(c)(3) Encryption of customer information
Encrypt customer information at rest and in transit, or use an approved compensating control.
Mapped across 15 provisions
Equivalent and related requirements in other frameworks and regulations.
- CIS Controls v8EquivalentCurated3.11 Encrypt sensitive data at rest
Cryptography & data protection
- DORAPartialCuratedArt. 9 Protection and prevention
Cryptography & data protection
- GDPRPartialCuratedArt. 32 Security of processing
Cryptography & data protection
- HIPAAEquivalentCurated§164.312(e)(1) Transmission security
Cryptography & data protection
- ISO 27001EquivalentCuratedA.8.24 Use of cryptography
Cryptography & data protection
- LGPDPartialCuratedArt. 46 Security measures
Cryptography & data protection
- NIS2EquivalentCuratedArt. 21(2)(h) Cryptography and encryption
Cryptography & data protection
- NIST 800-171EquivalentCurated3.13.11 Employ FIPS-validated cryptography
Cryptography & data protection
- NIST 800-53EquivalentCuratedSC-8 Transmission confidentiality and integrity
Cryptography & data protection
- NIST 800-53EquivalentCuratedSC-28 Protection of information at rest
Cryptography & data protection
- NIST CSF 2.0EquivalentCuratedPR.DS-01 Confidentiality of data-at-rest protected
Cryptography & data protection
- NIST CSF 2.0EquivalentCuratedPR.DS-02 Confidentiality of data-in-transit protected
Cryptography & data protection
- PCI DSSEquivalentCuratedReq. 3 Protect stored account data
Cryptography & data protection
- PCI DSSEquivalentCuratedReq. 4 Protect cardholder data with strong cryptography during transmission
Cryptography & data protection
- SOC 2PartialCuratedCC6.7 Restricting data transmission
Cryptography & data protection