CIS Control 3.11 Encrypt Sensitive Data at Rest
The Center for Internet Security Controls, or #CISControls, have become an industry standard that helps businesses and organizations of all sizes maintain a common set of #Cybersecurity controls.
Safeguard 3.11 is the process of ensuring #DataAtRest is encrypted. It calls for the encryption of sensitive data on servers, applications, and databases that contain the data. Storage-layer encryption, or server-side encryption, meets the minimum requirements for this Safeguard. Additional encryption methods may include application-layer or client-side encryption, where access to the data storage device(s) does not permit access to the plain-text data.
The bottom line is that in today's world, not encrypting your data, servers, and systems is no longer an option, whether they contain sensitive data or not. Microsoft #Bitlocker can be managed via group policy or #Intune, making it easy for even a small IT Department to deploy and manage encryption and check 3.11 compliance off.
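To confirm that a BitLocker policy pushed by group policy or Intune actually took effect on a host, the following added example (not part of the original post) audits each local volume with the built-in `Get-BitLockerVolume` cmdlet. The function name `Test-VolumeEncryption` and the list of accepted encryption methods are assumptions made for illustration; set the list to match your own policy.

```powershell
#Requires -RunAsAdministrator
# Added example: audit local volumes for BitLocker encryption at rest.
# Assumed policy, not taken from CIS: which encryption methods count as acceptable.
$AcceptedMethods = @('XtsAes128', 'XtsAes256', 'Aes256')

# Hypothetical helper: returns one compliance record per BitLocker volume object.
function Test-VolumeEncryption {
    param([Parameter(Mandatory)] $Volume)

    $findings = @()
    # Encryption still in progress, or decrypted, leaves plain-text sectors on disk.
    if ($Volume.VolumeStatus -ne 'FullyEncrypted') {
        $findings += "VolumeStatus is $($Volume.VolumeStatus)"
    }
    # Protection "Off" means the key is exposed (for example, BitLocker is suspended).
    if ($Volume.ProtectionStatus -ne 'On') {
        $findings += 'Protection is suspended or off'
    }
    if ($AcceptedMethods -notcontains "$($Volume.EncryptionMethod)") {
        $findings += "EncryptionMethod is $($Volume.EncryptionMethod)"
    }
    # Without a recovery password protector there is nothing to escrow for recovery.
    if (-not ($Volume.KeyProtector | Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' })) {
        $findings += 'No RecoveryPassword protector'
    }

    [pscustomobject]@{
        MountPoint = $Volume.MountPoint
        VolumeType = $Volume.VolumeType
        Compliant  = ($findings.Count -eq 0)
        Findings   = ($findings -join '; ')
    }
}

$report = Get-BitLockerVolume | ForEach-Object { Test-VolumeEncryption -Volume $_ }
$report | Format-Table -AutoSize

# A non-zero exit code lets a scheduled task or management tool flag the host.
if ($report | Where-Object { -not $_.Compliant }) { exit 1 }
```

Run it from an elevated PowerShell session; data volumes that hold sensitive files are reported alongside the operating system volume.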
Before you move on, remember that your backups also contain data at rest, so if you are working with sensitive data (which you are) remember that any of your backups have to be encrypted as well. It doesn't make any sense to lock the front door, but leave the back door wide open.
Safeguard 3.6 calls for encryption of end-user devices, 3.9 calls for encryption of removable devices, 3.10 calls for encryption of data in transit, and 3.11 is the encryption of data at rest. By simply encrypting your data everywhere, you meet 1 requirement in Implementation Group 1, and 3 requirements for Group 2.