Cyber Resilience

NIST 800-53 r5 · Controls catalogue · Family SC

SC-28 Protection of Information at Rest

Protect the {{ insert: param, sc-28_odp.01 }} of the following information at rest: {{ insert: param, sc-28_odp.02 }}.

Last updated: 04 July 2026 00:28 UTC

Cumulative inbound coverage

How completely the frameworks we cross-walk collectively cover this — the verdict is the strongest single mapping (overlapping partials are not summed); breadth shows the corroboration behind it.

Collective: mostly · 1 mapping(s) from 1 framework(s): CSF 2.0 1 (mostly)


Implementations targeting this control (31)

ATT&CK techniques this control mitigates (42)

Weaknesses this control addresses (6) AI

CWEs ranked by how often they appear in real CVEs. The rationale describes how this control reduces exploitability of each weakness class.

CWE | Name | CVEs | Why this control addresses it
CWE-200 | Exposure of Sensitive Information to an Unauthorized Actor | 10,501 | Encrypting or otherwise protecting data at rest directly prevents unauthorized actors from reading sensitive information stored on disk or other media.
CWE-522 | Insufficiently Protected Credentials | 1,559 | Requiring confidentiality/integrity protection for stored credentials directly mitigates insufficiently protected credentials on disk or in configuration stores.
CWE-312 | Cleartext Storage of Sensitive Information | 935 | Requiring confidentiality protection for information at rest eliminates cleartext storage of sensitive data on persistent media.
CWE-922 | Insecure Storage of Sensitive Information | 426 | The control explicitly requires secure storage mechanisms for sensitive information, closing the insecure-storage weakness class.
CWE-256 | Plaintext Storage of a Password | 210 | Protection of passwords and credentials at rest forces encryption or equivalent controls instead of plaintext storage.
CWE-313 | Cleartext Storage in a File or on Disk | 29 | Mandating protection of files and disk-stored data at rest prevents the specific weakness of cleartext storage on disk or in files.

Top CVEs where this control is the strongest mitigation

CVE | Risk | CVSS | EPSS | Match
CVE-2025-47729 KEV UPD | 10.0 | 1.9 | 0.0039 | good
CVE-2011-4723 KEV | 10.0 | 5.7 | 0.0313 | good
CVE-2022-26148 | 8.0 | 9.8 | 0.5344 | good
CVE-2025-0477 | 7.0 | 9.8 | 0.0036 | good
CVE-2025-24263 | 7.0 | 9.8 | 0.0047 | good
CVE-2025-27650 | 7.0 | 9.8 | 0.0083 | good
CVE-2025-25650 | 7.0 | 9.1 | 0.0081 | good
CVE-2026-22906 | 7.0 | 9.8 | 0.0033 | good
CVE-2025-45784 UPD | 7.0 | 9.8 | 0.0049 | good
CVE-2024-9466 | 6.0 | 6.5 | 0.1123 | good
CVE-2025-22896 | 5.5 | 8.6 | 0.0335 | good
CVE-2021-47961 | 5.5 | 8.1 | 0.0032 | good
CVE-2024-41336 | 5.5 | 7.5 | 0.0041 | good
CVE-2026-35467 UPD | 5.5 | 7.5 | 0.0023 | good
CVE-2025-27685 | 5.5 | 7.5 | 0.0036 | good
CVE-2026-33867 | 5.5 | 7.5 | 0.0015 | good
CVE-2026-35556 | 5.5 | 7.5 | 0.0030 | good
CVE-2025-21102 | 5.5 | 7.5 | 0.0016 | good
CVE-2025-36258 | 5.5 | 7.1 | 0.0015 | good
CVE-2024-23942 | 5.5 | 7.1 | 0.0011 | good
CVE-2019-25279 | 5.5 | 7.5 | 0.0020 | good
CVE-2026-42151 UPD | 5.5 | 7.5 | 0.0033 | good
CVE-2024-55027 | 5.5 | 7.5 | 0.0022 | good
CVE-2025-12774 | 5.5 | 7.5 | 0.0018 | good
CVE-2026-1777 | 5.5 | 7.2 | 0.0046 | good

Other controls in family SC

SC-1 SC-10 SC-11 SC-12 SC-13 SC-14 SC-15 SC-16 SC-17 SC-18 SC-19 SC-2 SC-20 SC-21 SC-22 SC-23 SC-24 SC-25 SC-26 SC-27 SC-29 SC-3 SC-30 SC-31 SC-32 SC-33 SC-34 SC-35 SC-36 SC-37 SC-38 SC-39 SC-4 SC-40 SC-41 SC-42 SC-43 SC-44 SC-45 SC-46 SC-47 SC-48 SC-49 SC-5 SC-50 SC-51 SC-6 SC-7 SC-8 SC-9