STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

© 2026 Beacon Cloud Solutions, Inc. All rights reserved.
CCI-002476

Definition

Implement cryptographic mechanisms to prevent unauthorized disclosure of organization-defined information at rest on organization-defined system components.

Parent Control

SC-28 (1) | Protection of Information at Rest | System and Communications Protection

Linked STIG Checks (87)

Vuln ID | Severity | Rule title | STIG
V-273994 | CAT I | Amazon Linux 2023 local disk partitions must implement cryptographic mechanisms to prevent unauthorized disclosure or modification of all information that requires at rest protection. | Amazon Linux 2023 Security Technical Implementation Guide
V-268144 | CAT I | NixOS must protect the confidentiality and integrity of all information at rest. | Anduril NixOS Security Technical Implementation Guide
V-222968 | CAT I | Tomcat must use FIPS-validated ciphers on secured connectors. | Apache Tomcat Application Server 9 Security Technical Implementation Guide
V-252535 | CAT II | The macOS system must implement cryptographic mechanisms to protect the confidentiality and integrity of all information at rest. | Apple macOS 12 (Monterey) Security Technical Implementation Guide
V-257241 | CAT I | The macOS system must implement cryptographic mechanisms to protect the confidentiality and integrity of all information at rest. | Apple macOS 13 (Ventura) Security Technical Implementation Guide
V-268556 | CAT I | The macOS system must enforce FileVault. | Apple macOS 15 (Sequoia) Security Technical Implementation Guide
V-277166 | CAT I | The macOS system must enforce FileVault. | Apple macOS 26 (Tahoe) Security Technical Implementation Guide
V-222589 | CAT I | The application must use appropriate cryptography in order to protect stored DOD information when required by the information owner or DOD policy. | Application Security and Development Security Technical Implementation Guide
V-204813 | CAT I | The application must implement cryptographic mechanisms to prevent unauthorized disclosure of organization-defined information at rest on organization-defined information system components. | Application Server Security Requirements Guide
V-251654 | CAT I | CA IDMS must use pervasive encryption to cryptographically protect the confidentiality and integrity of all information at rest in accordance with data owner requirements. | CA IDMS Security Technical Implementation Guide
V-219150 | CAT II | Ubuntu operating systems handling data requiring data at rest protections must employ cryptographic mechanisms to prevent unauthorized disclosure and modification of the information at rest. | Canonical Ubuntu 18.04 LTS Security Technical Implementation Guide
V-238335 | CAT II | Ubuntu operating systems handling data requiring "data at rest" protections must employ cryptographic mechanisms to prevent unauthorized disclosure and modification of the information at rest. | Canonical Ubuntu 20.04 LTS Security Technical Implementation Guide
V-260484 | CAT II | Ubuntu 22.04 LTS must implement cryptographic mechanisms to prevent unauthorized disclosure and modification of all information that requires protection at rest. | Canonical Ubuntu 22.04 LTS Security Technical Implementation Guide
V-270747 | CAT II | Ubuntu 24.04 LTS handling data requiring "data at rest" protections must employ cryptographic mechanisms to prevent unauthorized disclosure and modification of the information at rest. | Canonical Ubuntu 24.04 LTS Security Technical Implementation Guide
V-269429 | CAT I | AlmaLinux OS 9 local disk partitions must implement cryptographic mechanisms to prevent unauthorized disclosure or modification of all information that requires at rest protection. | Cloud Linux AlmaLinux OS 9 Security Technical Implementation Guide
V-233220 | CAT I | The container platform keystore must implement encryption to prevent unauthorized disclosure of information at rest within the container platform. | Container Platform Security Requirements Guide
V-233605 | CAT II | PostgreSQL must implement cryptographic mechanisms preventing the unauthorized disclosure of organization-defined information at rest on organization-defined information system components. | Crunchy Data PostgreSQL Security Technical Implementation Guide
V-261931 | CAT II | PostgreSQL must implement cryptographic mechanisms preventing the unauthorized disclosure of organization-defined information at rest on organization-defined information system components. | Crunchy Data Postgres 16 Security Technical Implementation Guide
V-206605 | CAT I | The DBMS must implement cryptographic mechanisms preventing the unauthorized disclosure of organization-defined information at rest on organization-defined information system components. | Database Security Requirements Guide
V-205215 | CAT I | The DNS server implementation must utilize cryptographic mechanisms to prevent unauthorized disclosure of non-DNS data stored on the DNS server. | Domain Name System (DNS) Security Requirements Guide
V-224207 | CAT II | The EDB Postgres Advanced Server must implement cryptographic mechanisms preventing the unauthorized disclosure of organization-defined information at rest on organization-defined information system components. | EDB Postgres Advanced Server v11 on Windows Security Technical Implementation Guide
V-213632 | CAT II | The EDB Postgres Advanced Server must implement cryptographic mechanisms preventing the unauthorized disclosure of organization-defined information at rest on organization-defined information system components. | EDB Postgres Advanced Server v9.6 Security Technical Implementation Guide
V-259291 | CAT II | The EDB Postgres Advanced Server must implement cryptographic mechanisms preventing the unauthorized disclosure of organization-defined information at rest on organization-defined information system components. | EnterpriseDB Postgres Advanced Server (EPAS) Security Technical Implementation Guide
V-203746 | CAT I | The operating system must implement cryptographic mechanisms to prevent unauthorized disclosure of all information at rest on all operating system components. | General Purpose Operating System Security Requirements Guide
V-237819 | CAT III | The storage system must implement cryptographic mechanisms to prevent unauthorized modification or disclosure of all information at rest on all storage system components. | HPE 3PAR StoreServ 3.2.x Security Technical Implementation Guide
V-255274 | CAT II | The HPE 3PAR OS must be configured to implement cryptographic mechanisms to prevent the unauthorized modification or disclosure of all information at rest on all operating system components. | HPE 3PAR StoreServ 3.3.x Security Technical Implementation Guide
V-215283 | CAT II | AIX must encrypt user data at rest using AIX Encrypted File System (EFS) if it is required. | IBM AIX 7.x Security Technical Implementation Guide
V-252591 | CAT II | IBM Aspera Faspex must implement cryptographic mechanisms to prevent unauthorized disclosure or modification of all information that requires at rest protection. | IBM Aspera Platform 4.2 Security Technical Implementation Guide
V-252608 | CAT II | IBM Aspera Shares must implement cryptographic mechanisms to prevent unauthorized disclosure or modification of all information that requires at rest protection. | IBM Aspera Platform 4.2 Security Technical Implementation Guide
V-252617 | CAT II | The IBM Aspera High-Speed Transfer Endpoint must enable content protection for each transfer user by encrypting passphrases used for server-side encryption at rest (SSEAR). | IBM Aspera Platform 4.2 Security Technical Implementation Guide
V-252621 | CAT II | The IBM Aspera High-Speed Transfer Endpoint must not store group content-protection secrets in plain text. | IBM Aspera Platform 4.2 Security Technical Implementation Guide
V-252622 | CAT II | The IBM Aspera High-Speed Transfer Endpoint must not store node content-protection secrets in plain text. | IBM Aspera Platform 4.2 Security Technical Implementation Guide
V-252623 | CAT II | The IBM Aspera High-Speed Transfer Endpoint must not store user content-protection secrets in plain text. | IBM Aspera Platform 4.2 Security Technical Implementation Guide
V-252632 | CAT II | The IBM Aspera High-Speed Transfer Server must enable content protection for each transfer user by encrypting passphrases used for server-side encryption at rest (SSEAR). | IBM Aspera Platform 4.2 Security Technical Implementation Guide
V-252637 | CAT II | The IBM Aspera High-Speed Transfer Server must not store group content-protection secrets in plain text. | IBM Aspera Platform 4.2 Security Technical Implementation Guide
V-252638 | CAT II | The IBM Aspera High-Speed Transfer Server must not store node content-protection secrets in plain text. | IBM Aspera Platform 4.2 Security Technical Implementation Guide
V-252639 | CAT II | The IBM Aspera High-Speed Transfer Server must not store user content-protection secrets in plain text. | IBM Aspera Platform 4.2 Security Technical Implementation Guide
V-213730 | CAT II | DB2 must implement and/or support cryptographic mechanisms preventing the unauthorized disclosure of organization-defined information at rest on organization-defined information system components. | IBM DB2 V10.5 LUW Security Technical Implementation Guide
V-255776 | CAT II | The MQ Appliance messaging server must implement cryptography mechanisms to protect the integrity of the remote access session. | IBM MQ Appliance V9.0 AS Security Technical Implementation Guide
V-250336 | CAT I | The WebSphere Liberty Server must store only encrypted representations of user passwords. | IBM WebSphere Liberty Server Security Technical Implementation Guide
V-223569 | CAT I | The IBM z/OS systems requiring data at rest protection must properly employ IBM DS8880 or equivalent hardware solutions for full disk encryption. | IBM z/OS ACF2 Security Technical Implementation Guide
V-251108 | CAT I | The IBM z/OS systems requiring data at rest protection must properly employ IBM DS8880 or equivalent hardware solutions for full disk encryption. | IBM z/OS TSS Security Technical Implementation Guide
V-274884 | CAT II | Kubernetes must limit Secret access on a need-to-know basis. | Kubernetes Security Technical Implementation Guide
V-213876 | CAT II | SQL Server must implement and/or support cryptographic mechanisms preventing the unauthorized disclosure of organization-defined information at rest on organization-defined information system components. | MS SQL Server 2014 Instance Security Technical Implementation Guide
V-205585 | CAT I | The Mainframe Product must implement cryptographic mechanisms to prevent unauthorized disclosure of all information not cleared for public release at rest on system components outside of organization facilities. | Mainframe Product Security Requirements Guide
V-253740 | CAT I | MariaDB must implement cryptographic mechanisms preventing the unauthorized disclosure of organization-defined information at rest on organization-defined information system components. | MariaDB Enterprise 10.x Security Technical Implementation Guide
V-220388 | CAT I | MarkLogic Server must implement cryptographic mechanisms preventing the unauthorized disclosure of organization-defined information at rest on organization-defined information system components. | MarkLogic Server v9 Security Technical Implementation Guide
V-255322 | CAT I | Azure SQL Database must implement cryptographic mechanisms preventing the unauthorized disclosure of organization-defined information at rest on organization-defined information system components. | Microsoft Azure SQL Database Security Technical Implementation Guide
V-276238 | CAT II | Azure SQL Managed Instance must implement cryptographic mechanisms preventing the unauthorized disclosure of organization-defined information at rest on organization-defined information system components. | Microsoft Azure SQL Managed Instance Security Technical Implementation Guide
V-218768 | CAT I | The IIS 10.0 private website must employ cryptographic mechanisms (TLS) and require client certificates. | Microsoft IIS 10.0 Site Security Technical Implementation Guide
V-223285 | CAT I | Document metadata for rights managed Office Open XML files must be protected. | Microsoft Office 365 ProPlus Security Technical Implementation Guide
V-238026 | CAT II | Rights managed Office Open XML files must be protected. | Microsoft Office System 2016 Security Technical Implementation Guide
V-238037 | CAT II | Encrypt document properties must be configured for OLE documents. | Microsoft Office System 2016 Security Technical Implementation Guide
V-271201 | CAT I | SQL Server must implement cryptographic mechanisms to prevent unauthorized modification or disclosure of organization-defined information at rest (to include, at a minimum, PII and classified information) on organization-defined information system components. | Microsoft SQL Server 2022 Database Security Technical Implementation Guide
V-220702 | CAT I | Windows 10 information systems must use BitLocker to encrypt all disks to protect the confidentiality and integrity of all information at rest. | Microsoft Windows 10 Security Technical Implementation Guide
V-220703 | CAT I | Windows 10 systems must use a BitLocker PIN for pre-boot authentication. | Microsoft Windows 10 Security Technical Implementation Guide
V-220704 | CAT I | Windows 10 systems must use a BitLocker PIN with a minimum length of six digits for pre-boot authentication. | Microsoft Windows 10 Security Technical Implementation Guide
V-253260 | CAT I | Windows 11 systems must use a BitLocker PIN for pre-boot authentication. | Microsoft Windows 11 Security Technical Implementation Guide
V-224843 | CAT I | Systems requiring data at rest protections must employ cryptographic mechanisms to prevent unauthorized disclosure and modification of the information at rest. | Microsoft Windows Server 2016 Security Technical Implementation Guide
V-205727 | CAT I | Windows Server 2019 systems requiring data at rest protections must employ cryptographic mechanisms to prevent unauthorized disclosure and modification of the information at rest. | Microsoft Windows Server 2019 Security Technical Implementation Guide
V-254262 | CAT I | Windows Server 2022 systems requiring data at rest protections must employ cryptographic mechanisms to prevent unauthorized disclosure and modification of the information at rest. | Microsoft Windows Server 2022 Security Technical Implementation Guide
V-278009 | CAT II | Windows Server 2025 systems requiring data at rest protections must employ cryptographic mechanisms to prevent unauthorized disclosure and modification of the information at rest. | Microsoft Windows Server 2025 Security Technical Implementation Guide
V-260911 | CAT II | Swarm Secrets or Kubernetes Secrets must be used. | Mirantis Kubernetes Engine Security Technical Implementation Guide
V-252147 | CAT II | MongoDB must implement cryptographic mechanisms to prevent unauthorized modification of organization-defined information at rest (to include, at a minimum, PII and classified information) on organization-defined information system components. | MongoDB Enterprise Advanced 4.x Security Technical Implementation Guide
V-265947 | CAT II | MongoDB must implement cryptographic mechanisms to prevent unauthorized modification of organization-defined information at rest (to include, at a minimum, PII and classified information) on organization-defined information system components. | MongoDB Enterprise Advanced 7.x Security Technical Implementation Guide
V-279387 | CAT I | MongoDB must implement cryptographic mechanisms to prevent unauthorized modification of organization-defined information at rest (to include, at a minimum, PII and classified information) on organization-defined information system components. | MongoDB Enterprise Advanced 8.x Security Technical Implementation Guide
V-254115 | CAT I | Nutanix AOS must protect the confidentiality and integrity of all information at rest. | Nutanix AOS 5.20.x Application Security Technical Implementation Guide
V-279448 | CAT II | Nutanix AOS must implement cryptographic mechanisms to prevent unauthorized access to data at rest. | Nutanix Acropolis Application Server Security Technical Implementation Guide
V-279621 | CAT I | Nutanix OS must protect the confidentiality and integrity of all information at rest. | Nutanix Acropolis GPOS Security Technical Implementation Guide
V-221758 | CAT I | The Oracle Linux operating system must implement NIST FIPS-validated cryptography for the following: to provision digital signatures, to generate cryptographic hashes, and to protect data requiring data-at-rest protections in accordance with applicable federal laws, Executive Orders, directives, policies, regulations, and standards. | Oracle Linux 7 Security Technical Implementation Guide
V-248525 | CAT I | All OL 8 local disk partitions must implement cryptographic mechanisms to prevent unauthorized disclosure or modification of all information that requires at-rest protection. | Oracle Linux 8 Security Technical Implementation Guide
V-271756 | CAT I | OL 9 local disk partitions must implement cryptographic mechanisms to prevent unauthorized disclosure or modification of all information that requires at rest protection. | Oracle Linux 9 Security Technical Implementation Guide
V-235193 | CAT I | The MySQL Database Server 8.0 must implement cryptographic mechanisms preventing the unauthorized disclosure of organization-defined information at rest on organization-defined information system components. | Oracle MySQL 8.0 Security Technical Implementation Guide
V-214139 | CAT II | PostgreSQL must implement cryptographic mechanisms preventing the unauthorized disclosure of organization-defined information at rest on organization-defined information system components. | PostgreSQL 9.x Security Technical Implementation Guide
V-280935 | CAT I | RHEL 10 must implement cryptographic mechanisms to prevent unauthorized disclosure or modification of all information on local disk partitions that requires at-rest protection. | Red Hat Enterprise Linux 10 Security Technical Implementation Guide
V-204497 | CAT I | The Red Hat Enterprise Linux operating system must implement NIST FIPS-validated cryptography for the following: to provision digital signatures, to generate cryptographic hashes, and to protect data requiring data-at-rest protections in accordance with applicable federal laws, Executive Orders, directives, policies, regulations, and standards. | Red Hat Enterprise Linux 7 Security Technical Implementation Guide
V-257879 | CAT I | RHEL 9 local disk partitions must implement cryptographic mechanisms to prevent unauthorized disclosure or modification of all information that requires at rest protection. | Red Hat Enterprise Linux 9 Security Technical Implementation Guide
V-257564 | CAT II | OpenShift keystore must implement encryption to prevent unauthorized disclosure of information at rest within the container platform. | Red Hat OpenShift Container Platform 4.12 Security Technical Implementation Guide
V-257564 | CAT II | OpenShift keystore must implement encryption to prevent unauthorized disclosure of information at rest within the container platform. | Red Hat OpenShift Container Platform 4.x Security Technical Implementation Guide
V-251244 | CAT I | Redis Enterprise DBMS must implement cryptographic mechanisms preventing the unauthorized disclosure of organization-defined information at rest on organization-defined information system components. | Redis Enterprise 6.x Security Technical Implementation Guide
V-275578 | CAT II | Ubuntu OS must implement cryptographic mechanisms to prevent unauthorized disclosure and modification of all information that requires protection at rest. | Riverbed NetIM OS Security Technical Implementation Guide
V-261284 | CAT I | All SLEM 5 persistent disk partitions must implement cryptographic mechanisms to prevent unauthorized disclosure or modification of all information that requires at-rest protection. | SUSE Linux Enterprise Micro (SLEM) 5 Security Technical Implementation Guide
V-234077 | CAT II | The Tanium Server must protect the confidentiality and integrity of transmitted information, in preparation to be transmitted and data at rest, with cryptographic signing capabilities enabled to protect the authenticity of communications sessions when making requests from Tanium Clients. | Tanium 7.3 Security Technical Implementation Guide
V-253085 | CAT II | All TOSS local disk partitions must implement cryptographic mechanisms to prevent unauthorized disclosure or modification of all information that requires at rest protection. | Tri-Lab Operating System Stack (TOSS) 4 Security Technical Implementation Guide
V-282514 | CAT I | TOSS 5 local disk partitions must implement cryptographic mechanisms to prevent unauthorized disclosure or modification of all information that requires at rest protection. | Tri-Lab Operating System Stack (TOSS) 5 Security Technical Implementation Guide
V-207495 | CAT II | The VMM must implement cryptographic mechanisms to prevent unauthorized disclosure of all information at rest on all VMM components. | Virtual Machine Manager Security Requirements Guide
V-206431 | CAT I | The web server must encrypt user identifiers and passwords. | Web Server Security Requirements Guide