SAMMY UI is optimized for resolutions with a width 1024px and higher.
CIS Critical Security Controls
Browse CIS Critical...
3,1: Establish and Maintain a Data Management Process
3,2: Establish and Maintain a Data Inventory
3,3: Configure Data Access Control Lists
3,4: Enforce Data Retention
3,5: Securely Dispose of Data
3,6: Encrypt Data on End-User Devices
3,7: Establish and Maintain a Data Classification Scheme
3,8: Document Data Flows
3,9: Encrypt Data on Removable Media
3,10: Encrypt Sensitive Data in Transit
3,11: Encrypt Sensitive Data at Rest
3,12: Segment Data Processing and Storage Based on Sensitivity
3,13: Deploy a Data Loss Prevention Solution
3,14: Log Sensitive Data Access
Encrypt Sensitive Data at Rest
3,11: Encrypt Sensitive Data at Rest
Policy defined
Not applicable - Not applicable
None - None
Informal - Informal
Partially written - Partially written
Written - Written
Approved and communicated - Approved and communicated
Control implemented
Not applicable - Not applicable
Not implemented - Not implemented
Parts of policy implemented - Parts of policy implemented
Implemented on some systems - Implemented on some systems
Implemented on most systems - Implemented on most systems
Implemented on all systems - Implemented on all systems
Control automated
Not applicable - Not applicable
Not automated - Not automated
Parts of policy automated - Parts of policy automated
Automated on some systems - Automated on some systems
Automated on most systems - Automated on most systems
Automated on all systems - Automated on all systems
Control reported
Not applicable - Not applicable
Not reported - Not reported
Parts of policy reported - Parts of policy reported
Reported on some systems - Reported on some systems
Reported on most systems - Reported on most systems
Reported on all systems - Reported on all systems
Description

Encrypt sensitive data at rest on servers, applications, and databases containing sensitive data. Storage-layer encryption, also known as server-side encryption, meets the minimum requirement of this Safeguard. Additional encryption methods may include application-layer encryption, also known as client-side encryption, where access to the data storage device(s) does not permit access to the plain-text data.