Status: IN
RHEL 9 protects data at rest through two independent and complementary layers: cryptographic protection (LUKS2 encryption with NBDE automated decryption governed by system-wide crypto policies) and mandatory access control (SELinux DAC → Type Enforcement → MCS enforcement chain) — ensuring that even if one layer is bypassed, the other independently restricts unauthorized access.