NIST 800-53 · SC — System and Communications Protection
SC-28 Protection of information at rest
Protect the confidentiality and integrity of information at rest, typically through cryptography.
Mapped across 15 provisions
Equivalent and related requirements in other frameworks and regulations.
- ISO 27001EquivalentOfficial mapping
Source: NIST SP 800-53 Rev. 5 / ISO/IEC 27001
A.8.24 Use of cryptographyCryptography & data protection
- NIST CSF 2.0EquivalentOfficial mapping
Source: NIST CSF 2.0 / SP 800-53 Rev. 5
PR.DS-01 Confidentiality of data-at-rest protectedCryptography & data protection
- CIS Controls v8EquivalentCurated3.11 Encrypt sensitive data at rest
Cryptography & data protection
- DORAPartialCuratedArt. 9 Protection and prevention
Cryptography & data protection
- GDPRPartialCuratedArt. 32 Security of processing
Cryptography & data protection
- GLBAEquivalentCurated§314.4(c)(3) Encryption of customer information
Cryptography & data protection
- HIPAAEquivalentCurated§164.312(e)(1) Transmission security
Cryptography & data protection
- LGPDPartialCuratedArt. 46 Security measures
Cryptography & data protection
- NIS2EquivalentCuratedArt. 21(2)(h) Cryptography and encryption
Cryptography & data protection
- NIST 800-171EquivalentCurated3.13.11 Employ FIPS-validated cryptography
Cryptography & data protection
- NIST 800-53EquivalentCuratedSC-8 Transmission confidentiality and integrity
Cryptography & data protection
- NIST CSF 2.0EquivalentCuratedPR.DS-02 Confidentiality of data-in-transit protected
Cryptography & data protection
- PCI DSSEquivalentCuratedReq. 3 Protect stored account data
Cryptography & data protection
- PCI DSSEquivalentCuratedReq. 4 Protect cardholder data with strong cryptography during transmission
Cryptography & data protection
- SOC 2PartialCuratedCC6.7 Restricting data transmission
Cryptography & data protection