Protecting stored data with cryptographic controls so that it cannot be read by anyone without the decryption key.
Encryption at rest refers to applying cryptographic controls (typically AES-256 in modern systems) to data that is stored on disks, databases, backup media, mobile devices, and cloud storage. The FTC Safeguards Rule requires encryption of customer information at rest under 16 CFR 314.4(c)(3), unless the firm's Qualified Individual approves a written exception with compensating controls. Encryption is enforced at the storage layer, not at the file level, which means it survives copy operations within the same encrypted system.
Without encryption at rest, a stolen laptop or a breached cloud storage account exposes raw client data. With encryption at rest, the same incident is far less likely to trigger a notifiable breach because the data is unreadable. Modern services like Microsoft 365 and Google Workspace encrypt by default; legacy on-premises file shares often do not. The gap is most common on local servers, USB drives, and personal devices.
The 58-Control Register module handles this for your firm, personalized to your software, team size, and state requirements.
A federal regulation requiring financial institutions, including tax preparers, to develop and maintain a comprehensive information security program.
Protecting data with cryptographic controls while it moves between systems, typically using TLS 1.2 or higher.
A structured list of all security controls your firm should have in place, mapped to regulatory requirements, with testing status and evidence.