Encrypt Sensitive Information

From attackics
Type: Mitigation
ID: M1041
NIST SP 800-53 Rev. 4: SC-28
IEC 62443-3-3:2013: SR 4.1
IEC 62443-4-2:2019: CR 4.1

Description

Protect sensitive data-at-rest with strong encryption.


Techniques Addressed by Mitigation

| Name | Use |
|---|---|
| Data from Information Repositories | Information which is sensitive to the operation and architecture of the process environment may be encrypted to ensure confidentiality and restrict access to only those who need to know. [1][2] |
| Engineering Workstation Compromise | Consider implementing full disk encryption, especially if engineering workstations are transient assets that are more likely to be lost, stolen, or tampered with. [2] |
| Location Identification | Encrypt sensitive location data when feasible to prevent unauthorized access. |
| Module Firmware | The encryption of firmware should be considered to prevent adversaries from identifying possible vulnerabilities within the firmware. |
| Project File Infection | When at rest, project files should be encrypted to prevent unauthorized changes. [2] |
| System Firmware | The encryption of firmware should be considered to prevent adversaries from identifying possible vulnerabilities within the firmware. |
| Theft of Operational Information | Encrypt any operational data with strong confidentiality requirements, including organizational trade-secrets, recipes, and other intellectual property (IP). |