PR.DS-01.223

Does your organization implement cryptographic controls (encryption, digital signatures, hashing) to protect the confidentiality and integrity of stored data across all relevant storage systems?

Explanation

Cryptographic controls are essential for protecting data at rest from unauthorized access or tampering. Encryption converts data into an unreadable format that requires a key to decrypt, digital signatures verify the authenticity of data, and cryptographic hashes confirm data integrity by detecting changes. These controls should be applied to files, databases, virtual machine images, containers, and other data storage systems based on sensitivity classification. Evidence could include a data protection policy documenting cryptographic requirements, system configuration documentation showing encryption settings, or screenshots of encryption implementation in key systems (with sensitive information redacted).

Implementation Example

Use encryption, digital signatures, and cryptographic hashes to protect the confidentiality and integrity of stored data in files, databases, virtual machine disk images, container images, and other resources.
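As an added illustration of the control described above (example code, not from NIST or ResponseHub), the Go program below seals a stored record with AES-256-GCM: the cipher provides confidentiality and the GCM authentication tag provides integrity, so any change to the stored bytes is detected on read. The key, record contents and "customers/17" label are constructed demo values; a real key would come from a KMS or HSM.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
	"io"
)
func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key) // rejects keys that are not 16, 24 or 32 bytes
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}
// SealAtRest returns nonce || ciphertext || tag: encryption gives confidentiality, the GCM tag
// integrity. label (e.g. the object path) is authenticated so a blob cannot be moved to another record.
func SealAtRest(key, plaintext, label []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize()) // fresh random nonce per record; never reuse with a key
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, label), nil
}

// OpenAtRest fails closed if the nonce, ciphertext, tag or label was altered.
func OpenAtRest(key, blob, label []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	n := gcm.NonceSize()
	if len(blob) < n+gcm.Overhead() {
		return nil, fmt.Errorf("stored blob of %d bytes is too short to be valid", len(blob))
	}
	return gcm.Open(nil, blob[:n], blob[n:], label)
}

func main() {
	key := make([]byte, 32) // constructed all-zero demo key; a real key comes from a KMS/HSM
	blob, _ := SealAtRest(key, []byte("ssn=123-45-6789"), []byte("customers/17"))
	blob[len(blob)-1] ^= 1 // simulate on-disk corruption or tampering
	_, err := OpenAtRest(key, blob, []byte("customers/17"))
	fmt.Println("tampered record rejected:", err != nil)
}
```

Because the label is part of the authenticated data, a valid ciphertext copied into a different record's slot is rejected as well, which is a tampering case a plain hash stored next to the data would not catch.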

ID: PR.DS-01.223

Context

Function
PR: PROTECT
Category
PR.DS: Data Security
Sub-Category
The confidentiality, integrity, and availability of data-at-rest are protected

ResponseHub is the product I wish I had when I was a CTO

Previously I was co-founder and CTO of Progression, a VC-backed HR-tech startup used by some of the biggest names in tech.

As our sales grew, security questionnaires quickly became one of my biggest pain points. They were confusing, hard to delegate and arrived like London buses - 3 at a time!

I'm building ResponseHub so that other teams don't have to go through this. Leave the security questionnaires to us so you can get back to closing deals, shipping product and building your team.

Neil Cameron
Founder, ResponseHub