Title

The operating system must protect the confidentiality and integrity of all information at rest. (Cat II impact)

Discussion

Information at rest refers to the state of information when it is located on a secondary storage device (e.g., disk drive and tape drive, when used for backups) within an operating system. This requirement addresses protection of user-generated data, as well as operating system-specific configuration data. Organizations may choose to employ different mechanisms to achieve confidentiality and integrity protections, as appropriate, in accordance with the security category and/or classification of the information. Satisfies: SRG-OS-000185-GPOS-00079, SRG-OS-000404-GPOS-00183, SRG-OS-000405-GPOS-00184

Check Content

Verify the operating system protects the confidentiality and integrity of all information at rest. If it does not, this is a finding. Determine if encryption must be used to protect data on this system. One method of protecting a disk in FreeBSD is kernel-level encryption. Devices setup this way appear as ".bde" devices: $ ls /dev/ad*.bde If any devices are listed, an encrypted device is in use. There may be other at-rest data encyption in place. Ask the system adminstrator about other mechanisms.

Fix Text

Configure the operating system to protect the confidentiality and integrity of all information at rest.

Additional Identifiers

Rule ID:

Vulnerability ID: V-790

Group Title:

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.