STIGs RMF Controls Compare

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

Browse STIGs
Search
RMF Controls
Compare Versions

Resources

About
Release Notes
VPAT
DISA STIG Library

STIGs updated 2 hours ago

Powered by Pylon

© 2026 Beacon Cloud Solutions, Inc. All rights reserved.

← SC-28 — Protection of Information at Rest

CCI-001199

Definition

Protects the confidentiality and/or integrity of organization-defined information at rest.

Parent Control

SC-28Protection of Information at RestSystem and Communications Protection

Linked STIG Checks (174)

V-204679CAT IAAA Services must be configured to protect the confidentiality and integrity of all information at rest.AAA Services Security Requirements Guide V-279070CAT IIColdFusion must be configured to support integration with a third-party Security Information and Event Management (SIEM) to support notifications.Adobe ColdFusion Security Technical Implementation Guide V-279129CAT IIColdFusion must not install the Performance Monitoring Toolset (PMT) Agent Package.Adobe ColdFusion Security Technical Implementation Guide V-273994CAT IAmazon Linux 2023 local disk partitions must implement cryptographic mechanisms to prevent unauthorized disclosure or modification of all information that requires at rest protection.Amazon Linux 2023 Security Technical Implementation Guide V-268144CAT INixOS must protect the confidentiality and integrity of all information at rest.Anduril NixOS Security Technical Implementation Guide V-254606CAT IApple iOS/iPadOS 16 must require a valid password be successfully entered before the mobile device data is unencrypted.Apple iOS-iPadOS 16 Security Technical Implementation Guide V-254607CAT IIIApple iOS/iPadOS 16 must implement the management setting: limit Ad Tracking.Apple iOS-iPadOS 16 Security Technical Implementation Guide V-254635CAT IIIThe Apple iOS must be configured to disable automatic transfer of diagnostic data to an external device other than an MDM service with which the device has enrolled.Apple iOS-iPadOS 16 Security Technical Implementation Guide V-257120CAT IApple iOS/iPadOS 16 must require a valid password be successfully entered before the mobile device data is unencrypted.Apple iOS/iPadOS 16 BYOAD Security Technical Implementation Guide V-257132CAT IIIThe Apple iOS must be configured to disable automatic transfer of diagnostic data to an external device other than an MDM service with which the device has enrolled.Apple iOS/iPadOS 16 BYOAD Security Technical Implementation Guide V-259778CAT IApple iOS/iPadOS 17 must require a valid password be successfully entered before the mobile device data is unencrypted.Apple iOS/iPadOS 17 MDFPP 3.3 BYOAD Security Technical Implementation Guide V-259791CAT IIIThe Apple iOS must be configured to disable automatic transfer of diagnostic data to an external device other than an MDM service with which the device has enrolled.Apple iOS/iPadOS 17 MDFPP 3.3 BYOAD Security Technical Implementation Guide V-258338CAT IApple iOS/iPadOS 17 must require a valid password be successfully entered before the mobile device data is unencrypted.Apple iOS/iPadOS 17 Security Technical Implementation Guide V-258339CAT IIIApple iOS/iPadOS 17 must implement the management setting: limit Ad Tracking.Apple iOS/iPadOS 17 Security Technical Implementation Guide V-258369CAT IIIThe Apple iOS must be configured to disable automatic transfer of diagnostic data to an external device other than an MDM service with which the device has enrolled.Apple iOS/iPadOS 17 Security Technical Implementation Guide V-268024CAT IApple iOS/iPadOS 18 must require a valid password be successfully entered before the mobile device data is unencrypted.Apple iOS/iPadOS 18 Security Technical Implementation Guide V-268026CAT IIIApple iOS/iPadOS 18 must implement the management setting: limit Ad Tracking.Apple iOS/iPadOS 18 Security Technical Implementation Guide V-268057CAT IIIThe Apple iOS must be configured to disable automatic transfer of diagnostic data to an external device other than an MDM service with which the device has enrolled.Apple iOS/iPadOS 18 Security Technical Implementation Guide V-278784CAT IApple iOS/iPadOS 26 must require a valid password be successfully entered before the mobile device data is unencrypted.Apple iOS/iPadOS 26 Security Technical Implementation Guide V-278786CAT IIIApple iOS/iPadOS 26 must implement the management setting: limit Ad Tracking.Apple iOS/iPadOS 26 Security Technical Implementation Guide V-278816CAT IIIThe Apple iOS must be configured to disable automatic transfer of diagnostic data to an external device other than an MDM service with which the device has enrolled.Apple iOS/iPadOS 26 Security Technical Implementation Guide V-252535CAT IIThe macOS system must implement cryptographic mechanisms to protect the confidentiality and integrity of all information at rest.Apple macOS 12 (Monterey) Security Technical Implementation Guide V-257241CAT IThe macOS system must implement cryptographic mechanisms to protect the confidentiality and integrity of all information at rest.Apple macOS 13 (Ventura) Security Technical Implementation Guide V-259561CAT IThe macOS system must enforce FileVault.Apple macOS 14 (Sonoma) Security Technical Implementation Guide V-268556CAT IThe macOS system must enforce FileVault.Apple macOS 15 (Sequoia) Security Technical Implementation Guide V-277166CAT IThe macOS system must enforce FileVault.Apple macOS 26 (Tahoe) Security Technical Implementation Guide V-276392CAT IApple visionOS 2 must require a valid password be successfully entered before the mobile device data is unencrypted.Apple visionOS 2 Security Technical Implementation Guide V-276408CAT IIIThe Apple visionOS must be configured to disable automatic transfer of diagnostic data to an external device other than an MDM service with which the device has enrolled.Apple visionOS 2 Security Technical Implementation Guide V-282801CAT IApple visionOS 26 must require a valid password be successfully entered before the mobile device data is unencrypted.Apple visionOS 26 Security Technical Implementation Guide V-282818CAT IIIThe Apple visionOS must be configured to disable automatic transfer of diagnostic data to an external device other than an MDM service with which the device has enrolled.Apple visionOS 26 Security Technical Implementation Guide V-274606CAT IIThe API implementation must use FIPS-validated encryption and hashing algorithms to protect the confidentiality and integrity of API keys.Application Programming Interface (API) Security Requirements Guide V-274607CAT IThe API must encrypt sensitive cached data.Application Programming Interface (API) Security Requirements Guide V-222587CAT IIThe application must protect the confidentiality and integrity of stored information when required by DOD policy or the information owner.Application Security and Development Security Technical Implementation Guide V-204770CAT IIThe application server must protect the confidentiality and integrity of all information at rest.Application Server Security Requirements Guide V-204771CAT IIThe application server must employ cryptographic mechanisms to ensure confidentiality and integrity of all information at rest when stored off-line.Application Server Security Requirements Guide V-237331CAT IThe ArcGIS Server must use a full disk encryption solution to protect the confidentiality and integrity of all information.ArcGIS for Server 10.3 Security Technical Implementation Guide V-272427CAT IIPermissions assigned to the DNSSEC keys used with the BIND 9.x implementation must enforce read-only access to the key owner and deny access to all other users.BIND 9.x Security Technical Implementation Guide V-272428CAT IIThe DNSSEC keys used with the BIND 9.x implementation must be owned by a privileged account.BIND 9.x Security Technical Implementation Guide V-272429CAT IIThe DNSSEC keys used with the BIND 9.x implementation must be group owned by a privileged account.BIND 9.x Security Technical Implementation Guide V-219150CAT IIUbuntu operating systems handling data requiring data at rest protections must employ cryptographic mechanisms to prevent unauthorized disclosure and modification of the information at rest.Canonical Ubuntu 18.04 LTS Security Technical Implementation Guide V-238335CAT IIUbuntu operating systems handling data requiring "data at rest" protections must employ cryptographic mechanisms to prevent unauthorized disclosure and modification of the information at rest.Canonical Ubuntu 20.04 LTS Security Technical Implementation Guide V-260484CAT IIUbuntu 22.04 LTS must implement cryptographic mechanisms to prevent unauthorized disclosure and modification of all information that requires protection at rest.Canonical Ubuntu 22.04 LTS Security Technical Implementation Guide V-270747CAT IIUbuntu 24.04 LTS handling data requiring "data at rest" protections must employ cryptographic mechanisms to prevent unauthorized disclosure and modification of the information at rest.Canonical Ubuntu 24.04 LTS Security Technical Implementation Guide V-242659CAT IThe Cisco ISE must only allow authorized administrators to view or change the device configuration, system files, and other files stored.Cisco ISE NDM Security Technical Implementation Guide V-269429CAT IAlmaLinux OS 9 local disk partitions must implement cryptographic mechanisms to prevent unauthorized disclosure or modification of all information that requires at rest protection.Cloud Linux AlmaLinux OS 9 Security Technical Implementation Guide V-233586CAT IPostgreSQL must protect the confidentiality and integrity of all information at rest.Crunchy Data PostgreSQL Security Technical Implementation Guide V-261901CAT IPostgreSQL must protect the confidentiality and integrity of all information at rest.Crunchy Data Postgres 16 Security Technical Implementation Guide V-206570CAT IThe DBMS must protect the confidentiality and integrity of all information at rest.Database Security Requirements Guide V-235777CAT IFIPS mode must be enabled on all Docker Engine - Enterprise nodes.Docker Enterprise 2.x Linux/UNIX Security Technical Implementation Guide V-235826CAT IIDocker Secrets must be used to store configuration files and small amounts of user-generated data (up to 500 kb in size) in Docker Enterprise.Docker Enterprise 2.x Linux/UNIX Security Technical Implementation Guide V-205187CAT IIThe DNS server implementation must protect the confidentiality and integrity of secret/private cryptographic keys at rest and the integrity of DNS information at rest.Domain Name System (DNS) Security Requirements Guide V-270978CAT IIDragos must use FIPS-validated encryption and hashing algorithms to protect the confidentiality and integrity of application configuration files and user-generated data stored or aggregated on the device.Dragos Platform 2.x Security Technical Implementation Guide V-224178CAT IThe EDB Postgres Advanced Server must protect the confidentiality and integrity of all information at rest.EDB Postgres Advanced Server v11 on Windows Security Technical Implementation Guide V-213604CAT IThe EDB Postgres Advanced Server must protect the confidentiality and integrity of all information at rest.EDB Postgres Advanced Server v9.6 Security Technical Implementation Guide V-259259CAT IThe EDB Postgres Advanced Server must protect the confidentiality and integrity of all information at rest.EnterpriseDB Postgres Advanced Server (EPAS) Security Technical Implementation Guide V-278405CAT IINGINX must be configured to use FIPS-approved algorithms to protect the confidentiality and integrity of transmitted information.F5 NGINX Security Technical Implementation Guide V-255626CAT IICounterACT must allow only authorized administrators to view or change the device configuration, system files, and other files stored either in the device or on removable media.ForeScout CounterACT NDM Security Technical Implementation Guide V-230971CAT IForescout must only allow authorized administrators to view or change the device configuration, system files, and other files stored either in the device or on removable media (such as a flash drive).Forescout Network Device Management Security Technical Implementation Guide V-234216CAT IThe FortiGate device must only allow authorized administrators to view or change the device configuration, system files, and other files stored either in the device or on removable media (such as a flash drive).Fortinet FortiGate Firewall NDM Security Technical Implementation Guide V-203661CAT IIThe operating system must protect the confidentiality and integrity of all information at rest.General Purpose Operating System Security Requirements Guide V-221581CAT IIBrowser history must be saved.Google Chrome Current Windows Security Technical Implementation Guide V-283027CAT IIThe HPE Alletra Storage ArcusOS device must implement cryptographic mechanisms to prevent unauthorized disclosure and modification of all information at rest on all system components.HPE Alletra Storage ArcusOS Web Server Security Technical Implementation Guide V-215207CAT IIAIX must protect the confidentiality and integrity of all information at rest.IBM AIX 7.x Security Technical Implementation Guide V-252591CAT IIIBM Aspera Faspex must implement cryptographic mechanisms to prevent unauthorized disclosure or modification of all information that requires at rest protection.IBM Aspera Platform 4.2 Security Technical Implementation Guide V-252608CAT IIIBM Aspera Shares must implement cryptographic mechanisms to prevent unauthorized disclosure or modification of all information that requires at rest protection.IBM Aspera Platform 4.2 Security Technical Implementation Guide V-213706CAT IIDB2 must protect the confidentiality and integrity of all information at rest.IBM DB2 V10.5 LUW Security Technical Implementation Guide V-255776CAT IIThe MQ Appliance messaging server must implement cryptography mechanisms to protect the integrity of the remote access session.IBM MQ Appliance V9.0 AS Security Technical Implementation Guide V-223512CAT IIACF2 SECVOLS GSO record value must be set to VOLMASK(). Any local changes are justified and documented with the ISSO.IBM z/OS ACF2 Security Technical Implementation Guide V-223513CAT IIACF2 RESVOLS GSO record value must be set to Volmask(-). Any other setting requires documentation justifying the change.IBM z/OS ACF2 Security Technical Implementation Guide V-223569CAT IThe IBM z/OS systems requiring data at rest protection must properly employ IBM DS8880 or equivalent hardware solutions for full disk encryption.IBM z/OS ACF2 Security Technical Implementation Guide V-223788CAT IThe IBM z/OS systems requiring data-at-rest protection must properly employ IBM DS8880 or equivalent hardware solutions for full disk encryption.IBM z/OS RACF Security Technical Implementation Guide V-251108CAT IThe IBM z/OS systems requiring data at rest protection must properly employ IBM DS8880 or equivalent hardware solutions for full disk encryption.IBM z/OS TSS Security Technical Implementation Guide V-237928CAT IIIBM z/VM tapes must use Tape Encryption.IBM zVM Using CA VM:Secure Security Technical Implementation Guide V-258600CAT IThe ICS must be configured to prevent nonprivileged users from executing privileged functions.Ivanti Connect Secure NDM Security Technical Implementation Guide V-213536CAT IIJBoss file permissions must be configured to protect the confidentiality and integrity of application files.JBoss Enterprise Application Platform 6.3 Security Technical Implementation Guide V-253914CAT IThe Juniper device must be configured to only allow authorized administrators to view or change the device configuration, system files, and other files stored either in the device or on removable media (such as a flash drive).Juniper EX Series Switches Network Device Management Security Technical Implementation Guide V-213774CAT IISQL Server must protect data at rest and ensure confidentiality and integrity of data.MS SQL Server 2014 Database Security Technical Implementation Guide V-213779CAT IIThe Database Master Key must be encrypted by the Service Master Key, where a Database Master Key is required and another encryption method has not been specified.MS SQL Server 2014 Database Security Technical Implementation Guide V-213780CAT IIDatabase Master Key passwords must not be stored in credentials within the database.MS SQL Server 2014 Database Security Technical Implementation Guide V-213781CAT IISymmetric keys (other than the database master key) must use a DoD certificate to encrypt the key.MS SQL Server 2014 Database Security Technical Implementation Guide V-213857CAT IIThe Service Master Key must be backed up, stored offline and off-site.MS SQL Server 2014 Instance Security Technical Implementation Guide V-213911CAT IIThe Database Master Key encryption password must meet DOD password complexity requirements.MS SQL Server 2016 Database Security Technical Implementation Guide V-213912CAT IIThe Database Master Key must be encrypted by the Service Master Key, where a Database Master Key is required and another encryption method has not been specified.MS SQL Server 2016 Database Security Technical Implementation Guide V-213913CAT IIThe Certificate used for encryption must be backed up and stored in a secure location that is not on the SQL Server.MS SQL Server 2016 Database Security Technical Implementation Guide V-213972CAT ISQL Server must protect the confidentiality and integrity of all information at rest.MS SQL Server 2016 Instance Security Technical Implementation Guide V-213973CAT IIThe Service Master Key must be backed up and stored in a secure location that is not on the SQL Server.MS SQL Server 2016 Instance Security Technical Implementation Guide V-213974CAT IIThe Master Key must be backed up and stored in a secure location that is not on the SQL Server.MS SQL Server 2016 Instance Security Technical Implementation Guide V-205520CAT IIThe Mainframe Product must protect the confidentiality and integrity of all information at rest.Mainframe Product Security Requirements Guide V-253710CAT IMariaDB must protect the confidentiality and integrity of all information at rest.MariaDB Enterprise 10.x Security Technical Implementation Guide V-220372CAT IMarkLogic Server must protect the confidentiality and integrity of all information at rest.MarkLogic Server v9 Security Technical Implementation Guide V-255339CAT IAzure SQL Database must protect the confidentiality and integrity of all information at rest.Microsoft Azure SQL Database Security Technical Implementation Guide V-276251CAT IAzure SQL Managed Instance must protect the confidentiality and integrity of all information at rest.Microsoft Azure SQL Managed Instance Security Technical Implementation Guide V-276287CAT IIThe database master key (DMK) encryption password for Azure SQL Server Managed Instance must meet DOD password complexity requirements.Microsoft Azure SQL Managed Instance Security Technical Implementation Guide V-276288CAT IIThe database master key (DMK) for Azure SQL Server Managed Instance must be encrypted by the service master key (SMK), where a DMK is required and another encryption method has not been specified.Microsoft Azure SQL Managed Instance Security Technical Implementation Guide V-276289CAT IIThe Certificate used for encryption for Azure SQL Managed Instance must be backed up, stored offline and off-site.Microsoft Azure SQL Managed Instance Security Technical Implementation Guide V-228376CAT IIExchange Mailboxes must be retained until backups are complete.Microsoft Exchange 2016 Mailbox Server Security Technical Implementation Guide V-228377CAT IIExchange email forwarding must be restricted.Microsoft Exchange 2016 Mailbox Server Security Technical Implementation Guide V-228378CAT IIExchange email-forwarding SMTP domains must be restricted.Microsoft Exchange 2016 Mailbox Server Security Technical Implementation Guide V-259671CAT IIExchange mailboxes must be retained until backups are complete.Microsoft Exchange 2019 Mailbox Server Security Technical Implementation Guide V-259672CAT IIExchange email forwarding must be restricted.Microsoft Exchange 2019 Mailbox Server Security Technical Implementation Guide V-259673CAT IIExchange email-forwarding SMTP domains must be restricted.Microsoft Exchange 2019 Mailbox Server Security Technical Implementation Guide V-218807CAT IIThe production IIS 10.0 web server must utilize SHA2 encryption for the Machine Key.Microsoft IIS 10.0 Server Security Technical Implementation Guide V-223025CAT IIUserdata persistence must be disallowed (Internet zone).Microsoft Internet Explorer 11 Security Technical Implementation Guide V-223067CAT IIUserdata persistence must be disallowed (Restricted Sites zone).Microsoft Internet Explorer 11 Security Technical Implementation Guide V-223291CAT IIOffice applications must be configured to specify encryption type in password-protected Office 97-2003 files.Microsoft Office 365 ProPlus Security Technical Implementation Guide V-223292CAT IIOffice applications must be configured to specify encryption type in password-protected Office Open XML files.Microsoft Office 365 ProPlus Security Technical Implementation Guide V-238027CAT IIDocument metadata for password protected files must be protected.Microsoft Office System 2016 Security Technical Implementation Guide V-238028CAT IIThe encryption type for password protected Open XML files must be set.Microsoft Office System 2016 Security Technical Implementation Guide V-238029CAT IIThe encryption type for password protected Office 97 thru Office 2003 must be set.Microsoft Office System 2016 Security Technical Implementation Guide V-271169CAT IIThe Database Master Key encryption password must meet DOD password complexity requirements.Microsoft SQL Server 2022 Database Security Technical Implementation Guide V-271170CAT IIThe Database Master Key must be encrypted by the Service Master Key, where a Database Master Key is required and another encryption method has not been specified.Microsoft SQL Server 2022 Database Security Technical Implementation Guide V-271171CAT IIThe certificate used for encryption must be backed up and stored in a secure location that is not on the SQL Server.Microsoft SQL Server 2022 Database Security Technical Implementation Guide V-271322CAT IThe Master Key must be backed up and stored in a secure location that is not on the SQL Server.Microsoft SQL Server 2022 Instance Security Technical Implementation Guide V-271323CAT IThe Service Master Key must be backed up and stored in a secure location that is not on the SQL Server.Microsoft SQL Server 2022 Instance Security Technical Implementation Guide V-271324CAT ISQL Server must protect the confidentiality and integrity of all information at rest.Microsoft SQL Server 2022 Instance Security Technical Implementation Guide V-220702CAT IWindows 10 information systems must use BitLocker to encrypt all disks to protect the confidentiality and integrity of all information at rest.Microsoft Windows 10 Security Technical Implementation Guide V-220703CAT IWindows 10 systems must use a BitLocker PIN for pre-boot authentication.Microsoft Windows 10 Security Technical Implementation Guide V-220704CAT IWindows 10 systems must use a BitLocker PIN with a minimum length of six digits for pre-boot authentication.Microsoft Windows 10 Security Technical Implementation Guide V-220738CAT IIWindows 10 nonpersistent VM sessions must not exceed 24 hours.Microsoft Windows 10 Security Technical Implementation Guide V-253295CAT IIWindows 11 nonpersistent VM sessions must not exceed 24 hours.Microsoft Windows 11 Security Technical Implementation Guide V-215630CAT IIThe Windows 2012 DNS Server must protect secret/private cryptographic keys while at rest.Microsoft Windows 2012 Server Domain Name System Security Technical Implementation Guide V-224843CAT ISystems requiring data at rest protections must employ cryptographic mechanisms to prevent unauthorized disclosure and modification of the information at rest.Microsoft Windows Server 2016 Security Technical Implementation Guide V-205727CAT IWindows Server 2019 systems requiring data at rest protections must employ cryptographic mechanisms to prevent unauthorized disclosure and modification of the information at rest.Microsoft Windows Server 2019 Security Technical Implementation Guide V-254262CAT IWindows Server 2022 systems requiring data at rest protections must employ cryptographic mechanisms to prevent unauthorized disclosure and modification of the information at rest.Microsoft Windows Server 2022 Security Technical Implementation Guide V-278009CAT IIWindows Server 2025 systems requiring data at rest protections must employ cryptographic mechanisms to prevent unauthorized disclosure and modification of the information at rest.Microsoft Windows Server 2025 Security Technical Implementation Guide V-259393CAT IIThe Windows DNS Server must protect secret/private cryptographic keys while at rest.Microsoft Windows Server Domain Name System (DNS) Security Technical Implementation Guide V-221178CAT IMongoDB must protect the confidentiality and integrity of all information at rest.MongoDB Enterprise Advanced 3.x Security Technical Implementation Guide V-252165CAT IMongoDB must protect the confidentiality and integrity of all information at rest.MongoDB Enterprise Advanced 4.x Security Technical Implementation Guide V-265926CAT IMongoDB must protect the confidentiality and integrity of all information at rest.MongoDB Enterprise Advanced 7.x Security Technical Implementation Guide V-279361CAT IMongoDB must protect the confidentiality and integrity of all information at rest.MongoDB Enterprise Advanced 8.x Security Technical Implementation Guide V-246927CAT IONTAP must enforce administrator privileges based on their defined roles.NetApp ONTAP DSC 9.x Security Technical Implementation Guide V-202078CAT IThe network device must only allow authorized administrators to view or change the device configuration, system files, and other files stored either in the device or on removable media (such as a flash drive).Network Device Management Security Requirements Guide V-254115CAT INutanix AOS must protect the confidentiality and integrity of all information at rest.Nutanix AOS 5.20.x Application Security Technical Implementation Guide V-279446CAT IINutanix AOS must protect the confidentiality and integrity of all information at rest.Nutanix Acropolis Application Server Security Technical Implementation Guide V-279447CAT IINutanix AOS must employ cryptographic mechanisms to ensure confidentiality and integrity of all information at rest when stored offline.Nutanix Acropolis Application Server Security Technical Implementation Guide V-279621CAT INutanix OS must protect the confidentiality and integrity of all information at rest.Nutanix Acropolis GPOS Security Technical Implementation Guide V-219781CAT IIThe DBMS must take needed steps to protect data at rest and ensure confidentiality and integrity of application data.Oracle Database 11.2g Security Technical Implementation Guide V-220297CAT IThe DBMS must take needed steps to protect data at rest and ensure confidentiality and integrity of application data.Oracle Database 12c Security Technical Implementation Guide V-270574CAT IOracle Database must take steps to protect data at rest and ensure confidentiality and integrity of application data.Oracle Database 19c Security Technical Implementation Guide V-221758CAT IThe Oracle Linux operating system must implement NIST FIPS-validated cryptography for the following: to provision digital signatures, to generate cryptographic hashes, and to protect data requiring data-at-rest protections in accordance with applicable federal laws, Executive Orders, directives, policies, regulations, and standards.Oracle Linux 7 Security Technical Implementation Guide V-248525CAT IAll OL 8 local disk partitions must implement cryptographic mechanisms to prevent unauthorized disclosure or modification of all information that requires at-rest protection.Oracle Linux 8 Security Technical Implementation Guide V-271756CAT IOL 9 local disk partitions must implement cryptographic mechanisms to prevent unauthorized disclosure or modification of all information that requires at rest protection.Oracle Linux 9 Security Technical Implementation Guide V-235155CAT IThe MySQL Database Server 8.0 must protect the confidentiality and integrity of all information at rest.Oracle MySQL 8.0 Security Technical Implementation Guide V-214120CAT IPostgreSQL must protect the confidentiality and integrity of all information at rest.PostgreSQL 9.x Security Technical Implementation Guide V-280935CAT IRHEL 10 must implement cryptographic mechanisms to prevent unauthorized disclosure or modification of all information on local disk partitions that requires at-rest protection.Red Hat Enterprise Linux 10 Security Technical Implementation Guide V-204497CAT IThe Red Hat Enterprise Linux operating system must implement NIST FIPS-validated cryptography for the following: to provision digital signatures, to generate cryptographic hashes, and to protect data requiring data-at-rest protections in accordance with applicable federal laws, Executive Orders, directives, policies, regulations, and standards.Red Hat Enterprise Linux 7 Security Technical Implementation Guide V-230224CAT IAll RHEL 8 local disk partitions must implement cryptographic mechanisms to prevent unauthorized disclosure or modification of all information that requires at rest protection.Red Hat Enterprise Linux 8 Security Technical Implementation Guide V-257879CAT IRHEL 9 local disk partitions must implement cryptographic mechanisms to prevent unauthorized disclosure or modification of all information that requires at rest protection.Red Hat Enterprise Linux 9 Security Technical Implementation Guide V-251242CAT IRedis Enterprise DBMS must protect the confidentiality and integrity of all information at rest.Redis Enterprise 6.x Security Technical Implementation Guide V-275578CAT IIUbuntu OS must implement cryptographic mechanisms to prevent unauthorized disclosure and modification of all information that requires protection at rest.Riverbed NetIM OS Security Technical Implementation Guide V-261284CAT IAll SLEM 5 persistent disk partitions must implement cryptographic mechanisms to prevent unauthorized disclosure or modification of all information that requires at-rest protection.SUSE Linux Enterprise Micro (SLEM) 5 Security Technical Implementation Guide V-217146CAT IAll SUSE operating system persistent disk partitions must implement cryptographic mechanisms to prevent unauthorized disclosure or modification of all information that requires at rest protection.SUSE Linux Enterprise Server 12 Security Technical Implementation Guide V-276545CAT ISamsung Android must be configured to enable encryption for data at rest on removable storage media or, alternately, the use of removable storage media must be disabled.Samsung Android 16 COBO Security Technical Implementation Guide V-276652CAT ISamsung Android must be configured to enable encryption for data at rest on removable storage media or, alternately, the use of removable storage media must be disabled.Samsung Android 16 COPE Security Technical Implementation Guide V-255119CAT ISamsung Android must be configured to enable encryption for data at rest on removable storage media or, alternately, the use of removable storage media must be disabled.Samsung Android OS 13 with Knox 3.x COBO Security Technical Implementation Guide V-255148CAT ISamsung Android must be configured to enable encryption for data at rest on removable storage media or, alternately, the use of removable storage media must be disabled.Samsung Android OS 13 with Knox 3.x COPE Security Technical Implementation Guide V-258638CAT ISamsung Android must be configured to enable encryption for data at rest on removable storage media or, alternately, the use of removable storage media must be disabled.Samsung Android OS 14 with Knox 3.x COBO Security Technical Implementation Guide V-258674CAT ISamsung Android must be configured to enable encryption for data at rest on removable storage media or, alternately, the use of removable storage media must be disabled.Samsung Android OS 14 with Knox 3.x COPE Security Technical Implementation Guide V-268935CAT ISamsung Android must be configured to enable encryption for data at rest on removable storage media or, alternately, the use of removable storage media must be disabled.Samsung Android OS 15 with Knox 3.x COBO Security Technical Implementation Guide V-269034CAT ISamsung Android must be configured to enable encryption for data at rest on removable storage media or, alternately, the use of removable storage media must be disabled.Samsung Android OS 15 with Knox 3.x COPE Security Technical Implementation Guide V-216413CAT IIIThe operating system must protect the confidentiality and integrity of information at rest.Solaris 11 SPARC Security Technical Implementation Guide V-216176CAT IIIThe operating system must protect the confidentiality and integrity of information at rest.Solaris 11 X86 Security Technical Implementation Guide V-279251CAT IThe Edge SWG must be configured to use at least two authentication servers for the purpose of authenticating users prior to granting administrative access.Symantec Edge SWG NDM Security Technical Implementation Guide V-254853CAT IIThe Tanium Operating System (TanOS) must use FIPS-validated encryption and hashing algorithms to protect the confidentiality and integrity of operating system configuration and user-generated data stored on the host.Tanium 7.x Operating System on TanOS Security Technical Implementation Guide V-253085CAT IIAll TOSS local disk partitions must implement cryptographic mechanisms to prevent unauthorized disclosure or modification of all information that requires at rest protection.Tri-Lab Operating System Stack (TOSS) 4 Security Technical Implementation Guide V-282514CAT ITOSS 5 local disk partitions must implement cryptographic mechanisms to prevent unauthorized disclosure or modification of all information that requires at rest protection.Tri-Lab Operating System Stack (TOSS) 5 Security Technical Implementation Guide V-265292CAT IThe NSX Manager must assign users/accounts to organization-defined roles configured with approved authorizations.VMware NSX 4.x Manager NDM Security Technical Implementation Guide V-256331CAT IThe vCenter Server must enable FIPS-validated cryptography.VMware vSphere 7.0 vCenter Security Technical Implementation Guide V-258917CAT IThe vCenter Server must enable FIPS-validated cryptography.VMware vSphere 8.0 vCenter Security Technical Implementation Guide V-207407CAT IIThe VMM must protect the confidentiality and integrity of all information at rest.Virtual Machine Manager Security Requirements Guide V-206407CAT IIInformation at rest must be encrypted using a DOD-accepted algorithm to protect the confidentiality and integrity of the information.Web Server Security Requirements Guide V-73273CAT IISystems requiring data at rest protections must employ cryptographic mechanisms to prevent unauthorized disclosure and modification of the information at rest.Windows Server 2016 Security Technical Implementation Guide V-73273CAT IISystems requiring data at rest protections must employ cryptographic mechanisms to prevent unauthorized disclosure and modification of the information at rest.Windows Server 2016 Security Technical Implementation Guide V-93515CAT IIWindows Server 2019 systems requiring data at rest protections must employ cryptographic mechanisms to prevent unauthorized disclosure and modification of the information at rest.Windows Server 2019 Security Technical Implementation Guide