Encryption
Protect data confidentiality and integrity through cryptographic controls.
9 of 9 frameworks cover this control
Framework Mappings
How Encryption maps to each of the 6 cybersecurity frameworks tracked by ControlMap.
| Framework | Status | Control IDs |
|---|---|---|
| NIST CSF 2.0 | Covered | PR.DS-01 PR.DS-02 |
| ISO 27001 | Covered | A.8.24 A.5.14 |
| CIS v8 | Covered | CIS 3.6 CIS 3.9 CIS 3.10 |
| SOC 2 | Covered | CC6.1 CC6.7 |
| PCI DSS | Covered | 3.5.1 4.2.1 4.2.2 |
| CMMC | Covered | SC.L2-3.13.8 SC.L2-3.13.11 |
| 800-53 | Covered | SC-8 SC-12 SC-13 SC-28 |
| HIPAA | Covered | §164.312(a)(2)(iv) §164.312(e)(2)(ii) |
| GDPR | Covered | Art.32(1)(a) Art.34(3)(a) |
About Encryption
Encryption is a cybersecurity control in the Protect domain. It protects data confidentiality and integrity by converting information into an unreadable format that can only be decrypted with the appropriate keys. Organizations must implement encryption for data at rest (using AES-256 or equivalent), data in transit (using TLS 1.2 or higher), and increasingly for data in use through techniques like secure enclaves. Proper key management is equally critical, including secure key generation, storage in hardware security modules (HSMs) or key management services, regular key rotation, and documented key lifecycle procedures.
This control is recognized by 9 of the 6 major frameworks: NIST CSF 2.0, ISO 27001, CIS v8, SOC 2, PCI DSS, CMMC, 800-53, HIPAA, GDPR. It has full coverage across all frameworks.