3.4.4 Security for Data at Rest
3.4.4 Storage Security
Security for Data at Rest
Overview
This category is about providing assurance that the consumer’s stored data is secure, regardless of whether it is stored on the consumer’s devices or elsewhere (e.g., in cloud-based servers for an app).
Related Regulations and Standards
See References in Appendix, particularly FDA Cybersecurity Guidelines.
Implementation Guidance
Encryption paradigms should follow contemporary practices as the strength of an encryption method may degrade over time as computational methods for breaking encryption continue to evolve. Changes may be implemented as scheduled patches or release updates, but if the new best practices were defined because hacker evolution has exposed new product vulnerabilities, then the update should be done ASAP.