3.4.4 Security for Data at Rest

Overview

This category is about providing assurance that the consumer’s stored data is secure, regardless of whether it is stored on the consumer’s devices or elsewhere (e.g., in cloud-based servers for an app).

Related Regulations and Standards

See References in Appendix, particularly FDA Cybersecurity Guidelines.

Implementation Guidance

Encryption paradigms should follow contemporary practices, because the strength of an encryption method may degrade over time as computational methods for breaking encryption continue to evolve. Changes may be implemented as scheduled patches or release updates, but if the new best practices were defined because evolving attack techniques have exposed new product vulnerabilities, the update should be made as soon as possible.