Encrypt Sensitive Information

Protect sensitive data-at-rest with strong encryption.

ID: M0941
Security Controls: IEC 62443-3-3:2013 - SR 4.1, IEC 62443-4-2:2019 - CR 4.1, NIST SP 800-53 Rev. 5 - SC-28
Version: 1.0
Created: 11 June 2019
Last Modified: 19 September 2023

Techniques Addressed by Mitigation

| Domain | ID | Name | Use |
|---|---|---|---|
| ICS | T0811 | Data from Information Repositories | Information which is sensitive to the operation and architecture of the process environment may be encrypted to ensure confidentiality and restrict access to only those who need to know. [1] [2] |
| ICS | T0893 | Data from Local System | Information which is sensitive to the operation and architecture of the process environment may be encrypted to ensure confidentiality and restrict access to only those who need to know. [1] [2] |
| ICS | T0839 | Module Firmware | The encryption of firmware should be considered to prevent adversaries from identifying possible vulnerabilities within the firmware. |
| ICS | T0873 | Project File Infection | When at rest, project files should be encrypted to prevent unauthorized changes. [2] |
| ICS | T0857 | System Firmware | The encryption of firmware should be considered to prevent adversaries from identifying possible vulnerabilities within the firmware. |
| ICS | T0882 | Theft of Operational Information | Encrypt any operational data with strong confidentiality requirements, including organizational trade-secrets, recipes, and other intellectual property (IP). |
| ICS | T0864 | Transient Cyber Asset | Consider implementing full disk encryption, especially if engineering workstations are transient assets that are more likely to be lost, stolen, or tampered with. [2] |

References