What type of control aims to use encryption to protect data at rest?

Encryption to protect data at rest falls under preventative controls because its primary purpose is to safeguard data from unauthorized access and potential breaches before they occur. By implementing encryption, organizations proactively defend sensitive information, ensuring that even if unauthorized individuals gain physical access to the storage medium, they cannot read the encrypted data without the appropriate decryption keys. This method diminishes risks associated with data theft and enhances the overall security posture of an organization.

Preventative controls focus on thwarting security incidents before they can happen, in contrast to other types of controls such as detective or corrective measures, which react to incidents or identify issues after they have occurred.