Information at rest must be encrypted using a DOD-accepted algorithm to protect the confidentiality and integrity of the information.
Severity | Group ID | Group Title | Version | Rule ID | Date | STIG Version |
|---|---|---|---|---|---|---|
| medium | V-206407 | SRG-APP-000231 | SRG-APP-000231-WSR-000144 | SV-206407r1029555_rule | 2025-02-12 | 4 |
| Description |
|---|
| Data at rest is inactive data stored physically in any digital form (e.g., databases, data warehouses, spreadsheets, archives, tapes, off-site backups, mobile devices, etc.). Data at rest includes, but is not limited to, archived data, data that is not accessed or changed frequently, files stored on hard drives, USB thumb drives, files stored on backup tape and disks, and files stored off-site or on a storage area network. While data at rest can reside in many places, data at rest for a web server is data on the hosting system storage devices. Data stored as a backup on tape or stored off-site is no longer under the protection measures covered by the web server. There are several pieces of data the web server uses during operation. The web server must use an accepted encryption method, such as AES-256, to protect the confidentiality and integrity of the information. |
| ℹ️ Check |
|---|
| Review the web server documentation and deployed configuration to locate where potential data at rest is stored. Verify that the data is encrypted using a DOD-accepted algorithm to protect the confidentiality and integrity of the information. If the data is not encrypted using a DOD-accepted algorithm, this is a finding. |
| ✔️ Fix |
|---|
| Use a DOD-accepted algorithm to encrypt data at rest to protect the information's confidentiality and integrity. |