SC-28: Protection of Information at Rest

From NIST's SP800-53:

Protect the [Selection (one or more): confidentiality; integrity] of the following information at rest: [Assignment: organization-defined information at rest].

Cyber Threat Graph Context

Explore how this control relates to the wider threat graph

SP800-53 Control Mapped to NIST Cyber Security Framework

Generated from NISTs SP800-53/CSF Crosswalk mappings.

Control ID	Description
PR.DS-1	Data-at-rest is protected

MITRE ATT&CK Techniques

See which MITRE ATT&CK techniques this control helps to protect against.

ATT&CK ID	Title	Associated Tactics
T1003.004	LSA Secrets	Credential Access
T1599.001	Network Address Translation Traversal	Defense Evasion
T1003.003	NTDS	Credential Access
T1003.001	LSASS Memory	Credential Access
T1041	Exfiltration Over C2 Channel	Exfiltration
T1052.001	Exfiltration over USB	Exfiltration
T1552.004	Private Keys	Credential Access
T1005	Data from Local System	Collection
T1602.001	SNMP (MIB Dump)	Collection
T1565.003	Runtime Data Manipulation	Impact
T1213.002	Sharepoint	Collection
T1602.002	Network Device Configuration Dump	Collection
T1550.001	Application Access Token	Defense Evasion, Lateral Movement
T1565	Data Manipulation	Impact
T1530	Data from Cloud Storage	Collection
T1048	Exfiltration Over Alternative Protocol	Exfiltration
T1003.007	Proc Filesystem	Credential Access
T1003.005	Cached Domain Credentials	Credential Access
T1048.003	Exfiltration Over Unencrypted Non-C2 Protocol	Exfiltration
T1599	Network Boundary Bridging	Defense Evasion
T1003	OS Credential Dumping	Credential Access
T1078.003	Local Accounts	Defense Evasion, Initial Access, Persistence, Privilege Escalation
T1567	Exfiltration Over Web Service	Exfiltration
T1052	Exfiltration Over Physical Medium	Exfiltration
T1565.001	Stored Data Manipulation	Impact
T1078.004	Cloud Accounts	Defense Evasion, Initial Access, Persistence, Privilege Escalation
T1003.002	Security Account Manager	Credential Access
T1003.006	DCSync	Credential Access
T1078.001	Default Accounts	Defense Evasion, Initial Access, Persistence, Privilege Escalation
T1213	Data from Information Repositories	Collection
T1003.008	/etc/passwd and /etc/shadow	Credential Access
T1078	Valid Accounts	Defense Evasion, Initial Access, Persistence, Privilege Escalation
T1213.001	Confluence	Collection
T1552.002	Credentials in Registry	Credential Access
T1552	Unsecured Credentials	Credential Access
T1602	Data from Configuration Repository	Collection
T1552.001	Credentials In Files	Credential Access
T1048.002	Exfiltration Over Asymmetric Encrypted Non-C2 Protocol	Exfiltration
T1025	Data from Removable Media	Collection
T1552.003	Bash History	Credential Access