Data at rest refers to data that is inactive and physically stored in any digital form, such as on hard drives, in databases, or in archives. Encrypting sensitive information stored in a database is a critical security control for data at rest. This process, often called Transparent Data Encryption (TDE) or full-disk encryption, ensures that if the physical storage media is compromised, stolen, or improperly accessed, the data remains unreadable and confidential without the appropriate decryption keys.

A. Data in motion: This refers to data actively traveling across a network. While it should be encrypted (e.g., with TLS), it is not the state of data stored on a disk.

B. Data in transit: This is a synonym for "data in motion" and describes data being transferred between systems, not data that is stored.

D. Data in use: This describes data being actively processed in volatile memory (RAM) or by a CPU. It is not the state of data stored persistently in a database.

1. Cisco Systems, Inc. (2018). Data Encryption: The Foundation of a Secure Digital World. White Paper. "Data at rest is data that is stored on a device or backup media... Common methods for protecting data at rest include strong encryption, data fragmentation, and data masking." (Page 2, "The Three States of Data").

2. National Institute of Standards and Technology (NIST). NIST Glossary - Data at Rest. "Data that is stored on media." Retrieved from the NIST Computer Security Resource Center (CSRC) Glossary. This definition directly applies to information stored within a database on a server's storage.

3. Saltzer, J. H., & Kaashoek, M. F. (2009). Principles of Computer System Design: An Introduction. MIT OCW. Chapter 9, Security. "A different threat is that an attacker may steal a disk or an entire computer... To counter this threat, the owner of the data can encrypt the data before it is stored on the disk." (Section 9.5.1, "Encryption"). This describes the principle of encrypting data at rest.