STIGViewer Trial workspace — loading your subscription…

NIST 800-171 v2

110 security requirements available

3.13.16Derived Requirement

System and Communications Protection

Security Requirement

Protect the confidentiality of CUI at rest.

Discussion

Information at rest refers to the state of information when it is not in process or in transit and is located on storage devices as specific components of systems. The focus of protection at rest is not on the type of storage device or the frequency of access but rather the state of the information. Organizations can use different mechanisms to achieve confidentiality protections, including the use of cryptographic mechanisms and file share scanning. Organizations may also use other controls including secure off-line storage in lieu of online storage when adequate protection of information at rest cannot otherwise be achieved or continuous monitoring to identify malicious code at rest. See [NIST CRYPTO].

Framework
NIST SP 800-171 Rev 2
Family
System and Communications Protection
Requirement Type
derived

Related Frameworks

3 paths across 2 frameworks
NIST 800-531 mapping
SC-28
1.00
  • NIST · Rev 2 (Feb 2020, errata Jan 2021) · nist_800_171_app_d · equivalent
CCI2 mappings
CCI-001199
1.00
  • NIST · Rev 2 (Feb 2020, errata Jan 2021) · nist_800_171_app_d · equivalent
  • DISA · 2025-01-23 · disa_cci_list · equivalent
CCI-002472
1.00
  • NIST · Rev 2 (Feb 2020, errata Jan 2021) · nist_800_171_app_d · equivalent
  • DISA · 2025-01-23 · disa_cci_list · equivalent

Related STIGs

107 STIGs reach this control through 11 CCIs via 800-53 control SC-28. Expand a row to see the responsible NICE and O*NET roles.

Operating System — Desktop

5 STIGs

Operating System — Server

27 STIGs
Solaris 11 X86 Security Technical Implementation Guide
V3R52026-02-193 of 216 findings match
Oracle Linux 9 Security Technical Implementation Guide
V1R52026-02-172 of 448 findings match
Show 19 more STIGs in this category →
Anduril NixOS Security Technical Implementation Guide
V1R22025-08-191 of 103 findings match
IBM AIX 7.x Security Technical Implementation Guide
V3R22026-02-061 of 283 findings match
Oracle Linux 8 Security Technical Implementation Guide
V2R82026-02-131 of 375 findings match

Operating System — Mainframe

5 STIGs
Mainframe Product Security Requirements Guide
V3R42025-09-104 of 194 findings match
IBM z/OS ACF2 Security Technical Implementation Guide
V9R82026-03-091 of 225 findings match
IBM z/OS RACF Security Technical Implementation Guide
V9R82026-03-091 of 222 findings match
IBM z/OS TSS Security Technical Implementation Guide
V9R82026-03-091 of 230 findings match

Operating System — Mobile

12 STIGs

Network Device

12 STIGs
Domain Name System (DNS) Security Requirements Guide
V4R22025-12-195 of 119 findings match
BIND 9.x Security Technical Implementation Guide
22024-02-153 of 70 findings match
BIND 9.x Security Technical Implementation Guide
V3R22026-02-253 of 73 findings match
AAA Services Security Requirements Guide
V2R22024-12-041 of 77 findings match
Application Layer Gateway Security Requirements Guide
V2R32025-09-151 of 160 findings match
Cisco ISE NDM Security Technical Implementation Guide
V2R32025-12-111 of 53 findings match
Show 4 more STIGs in this category →
Network Device Management Security Requirements Guide
V5R42025-09-101 of 105 findings match
Network Device Management Security Requirements Guide
V5R32025-02-111 of 104 findings match

Database

18 STIGs
Database Security Requirements Guide
V4R52026-02-264 of 142 findings match
Show 10 more STIGs in this category →

Web / Application Server

12 STIGs
Application Server Security Requirements Guide
V4R42025-09-105 of 137 findings match
Web Server Security Requirements Guide
V4R42025-09-103 of 126 findings match
Show 4 more STIGs in this category →

Virtualization / Container

8 STIGs

Endpoint Security Management

4 STIGs

Productivity Application

2 STIGs

Uncategorized

2 STIGs