Encryption-At-Rest

Encryption at rest protects stored data, on disks, databases, backups, and removable drives, by keeping it in ciphertext so that a lost laptop, stolen server, or seized USB stick yields nothing readable without the key. It complements encryption in transit, which protects data moving across the satellite link or shore network. For shipping operators it covers crew records, cargo manifests, commercial contracts, and port-system credentials, and it supports the confidentiality controls expected under ISO/IEC 27001 and the EU NIS2 Directive. Standards commonly specify AES-256 with disciplined key management.