Sensitive data is protected at rest, at least in an ad hoc manner
Context and Guidance: Authentication techniques (e.g., credential management, digital certificates, biometric identification, multifactor authentication), authorisation techniques (e.g., access control mechanisms), and protection techniques (e.g., encryption and data masking) are typical architectural tactics for protecting sensitive data at rest. Applying multiple techniques is not required for implementation of this practice. Data at rest may include data stored within dormant virtualised assets.
Related Practices • Progression: This practice is part of a practice progression. Practice progressions are groups of related practices that represent increasingly complete or more advanced implementations of an activity. The practices in this progression include: ARCHITECTURE-5a, ARCHITECTURE-5b, ARCHITECTURE-5c, ARCHITECTURE-5d, ARCHITECTURE-5e, ARCHITECTURE-5f, ARCHITECTURE-5g, ARCHITECTURE-5h.