SC-28: Protection of Information at Rest
From NIST's SP800-53:
Protect the [Selection (one or more): confidentiality; integrity] of the following information at rest: [Assignment: organization-defined information at rest].
Cyber Threat Graph Context
Explore how this control relates to the wider threat graph
SP800-53 Control Mapped to NIST Cyber Security Framework
Generated from NISTs SP800-53/CSF Crosswalk mappings.
MITRE ATT&CK Techniques
See which MITRE ATT&CK techniques this control helps to protect against.
| ATT&CK ID | Title | Associated Tactics |
|---|---|---|
| T1003.004 | LSA Secrets | Credential Access |
| T1599.001 | Network Address Translation Traversal | Defense Evasion |
| T1003.003 | NTDS | Credential Access |
| T1003.001 | LSASS Memory | Credential Access |
| T1041 | Exfiltration Over C2 Channel | Exfiltration |
| T1052.001 | Exfiltration over USB | Exfiltration |
| T1552.004 | Private Keys | Credential Access |
| T1005 | Data from Local System | Collection |
| T1602.001 | SNMP (MIB Dump) | Collection |
| T1565.003 | Runtime Data Manipulation | Impact |
| T1213.002 | Sharepoint | Collection |
| T1602.002 | Network Device Configuration Dump | Collection |
| T1550.001 | Application Access Token | Defense Evasion, Lateral Movement |
| T1565 | Data Manipulation | Impact |
| T1530 | Data from Cloud Storage | Collection |
| T1048 | Exfiltration Over Alternative Protocol | Exfiltration |
| T1003.007 | Proc Filesystem | Credential Access |
| T1003.005 | Cached Domain Credentials | Credential Access |
| T1048.003 | Exfiltration Over Unencrypted Non-C2 Protocol | Exfiltration |
| T1599 | Network Boundary Bridging | Defense Evasion |
| T1003 | OS Credential Dumping | Credential Access |
| T1078.003 | Local Accounts | Defense Evasion, Initial Access, Persistence, Privilege Escalation |
| T1567 | Exfiltration Over Web Service | Exfiltration |
| T1052 | Exfiltration Over Physical Medium | Exfiltration |
| T1565.001 | Stored Data Manipulation | Impact |
| T1078.004 | Cloud Accounts | Defense Evasion, Initial Access, Persistence, Privilege Escalation |
| T1003.002 | Security Account Manager | Credential Access |
| T1003.006 | DCSync | Credential Access |
| T1078.001 | Default Accounts | Defense Evasion, Initial Access, Persistence, Privilege Escalation |
| T1213 | Data from Information Repositories | Collection |
| T1003.008 | /etc/passwd and /etc/shadow | Credential Access |
| T1078 | Valid Accounts | Defense Evasion, Initial Access, Persistence, Privilege Escalation |
| T1213.001 | Confluence | Collection |
| T1552.002 | Credentials in Registry | Credential Access |
| T1552 | Unsecured Credentials | Credential Access |
| T1602 | Data from Configuration Repository | Collection |
| T1552.001 | Credentials In Files | Credential Access |
| T1048.002 | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | Exfiltration |
| T1025 | Data from Removable Media | Collection |
| T1552.003 | Bash History | Credential Access |