The application must protect the confidentiality and integrity of stored information when required by DoD policy or the information owner.

From Application Security and Development Security Technical Implementation Guide

Part of SRG-APP-000231

Associated with: CCI-001199

SV-84847r1_rule The application must protect the confidentiality and integrity of stored information when required by DoD policy or the information owner.

Vulnerability discussion

Information at rest refers to the state of information when it is located on a secondary storage device (e.g., disk drive and tape drive) within an organizational information system. Mobile devices, laptops, desktops, and storage devices can be either lost or stolen, and the contents of their data storage (e.g., hard drives and non-volatile memory) can be read, copied, or altered. Applications and application users generate information throughout the course of their application use, including data that is stored in areas of volatile memory. Volatile memory must not be overlooked when assigning protections.

This requirement addresses protection of user-generated data as well as operating system-specific configuration data. Applications must employ mechanisms to achieve confidentiality and integrity protections, as appropriate, in accordance with the security category and/or classification of the information.

This can include segmenting and controlling access to the data, such as utilizing file permissions to restrict access, using role-based controls to restrict access, or applying a cryptographic hash to the data and evaluating hash values for changes made to data.
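The following is an added example, not part of the STIG text, showing two of the mechanisms named above: restrictive file permissions and a cryptographic hash baseline that is re-evaluated to detect changes. The function names, the sample file, and the policy that stored data files must carry no group/other permission bits are assumptions; the baseline manifest is assumed to be kept where the account that writes the data cannot modify it.

```python
import hashlib
import os
import tempfile

def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def build_manifest(root):
    """Record SHA-256 and permission bits for every file under root."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in sorted(files):
            path = os.path.join(dirpath, name)
            mode = os.lstat(path).st_mode & 0o777
            rel = os.path.relpath(path, root)
            manifest[rel] = {"sha256": sha256_file(path), "mode": mode}
    return manifest

def verify(root, baseline):
    """Return sorted (relative path, issue) findings against the baseline."""
    current = build_manifest(root)
    findings = []
    for rel, entry in current.items():
        if rel not in baseline:
            findings.append((rel, "unexpected file"))
        elif entry["sha256"] != baseline[rel]["sha256"]:
            findings.append((rel, "content changed"))
        if entry["mode"] & 0o077:  # assumed policy: owner-only access
            findings.append((rel, "group/other access"))
    findings += [(rel, "missing") for rel in baseline if rel not in current]
    return sorted(findings)

def demo():  # constructed sample data in a temporary directory
    with tempfile.TemporaryDirectory() as root:
        path = os.path.join(root, "records.csv")
        with open(path, "w") as f:
            f.write("id,name\n1,alice\n")
        os.chmod(path, 0o600)
        baseline = build_manifest(root)
        clean = verify(root, baseline)
        with open(path, "a") as f:  # simulate an out-of-band change
            f.write("2,mallory\n")
        os.chmod(path, 0o644)
        return clean, verify(root, baseline)

if __name__ == "__main__":
    print(demo())
```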

Check content

Review the application documentation and interview the application administrator. Identify the data processed by the application and the accompanying data protection requirements. Determine if the data owner has specified stored data protection requirements. Determine if the application is processing publicly releasable, FOUO or classified stored data. Determine if the application configuration information contains sensitive information. Access the data repository and have the application administrator, application developer or designer identify the data integrity and confidentiality protections utilized to protect stored data. If the application processes classified data or if the data owner has specified data protection requirements and the application administrator is unable to demonstrate how the data is protected, this is a finding.

Fix text

Identify data elements that require protection. Document the data types and specify protection requirements and methods used.
