PR.DS-01: The confidentiality, integrity, and availability of data-at-rest are protected
Ex1: Use encryption, digital signatures, and cryptographic hashes to protect the confidentiality and integrity of stored data in files, databases, virtual machine disk images, container images, and other resources
Ex2: Use full disk encryption to protect data stored on user endpoints
Ex3: Confirm the integrity of software by validating signatures
Ex4: Restrict the use of removable media to prevent data exfiltration
Ex5: Physically secure removable media containing unencrypted sensitive information, such as within locked offices or file cabinets
Tier
Description
The confidentiality, integrity, and availability of data-at-rest are protected