Data Protection
Develop processes and technical controls to identify, classify, securely handle, retain, and dispose of data.
Why Is This Control Critical?
Data is no longer only contained within an enterprise's border; it is in the cloud, on portable end-user devices where users work from home, and is often shared with partners or online services who might have it anywhere in the world. In addition to sensitive data an enterprise holds related to finances, intellectual property, and customer data, there also might be numerous international regulations for protection of personal data. Data privacy has become increasingly important, and enterprises are learning that privacy is about the appropriate use and management of data, not just encryption. Data must be appropriately managed through its entire lifecycle. These privacy rules can be complicated for multinational enterprises of any size; however, there are fundamentals that can apply to all.
Related Policy Templates
Safeguards (14)
| ID | Title | Asset Type | Function | Implementation Groups |
|---|---|---|---|---|
| 3.1 | Establish and Maintain a Data Management Process | Data | Identify |
IG1
IG2
IG3
|
| 3.2 | Establish and Maintain a Data Inventory | Data | Identify |
IG1
IG2
IG3
|
| 3.3 | Configure Data Access Control Lists | Data | Protect |
IG1
IG2
IG3
|
| 3.4 | Enforce Data Retention | Data | Protect |
IG1
IG2
IG3
|
| 3.5 | Securely Dispose of Data | Data | Protect |
IG1
IG2
IG3
|
| 3.6 | Encrypt Data on End>User Devices | Devices | Protect |
IG1
IG2
IG3
|
| 3.7 | Establish and Maintain a Data Classification Scheme | Data | Identify |
IG2
IG3
|
| 3.8 | Document Data Flows | Data | Identify |
IG2
IG3
|
| 3.9 | Encrypt Data on Removable Media | Data | Protect |
IG2
IG3
|
| 3.10 | Encrypt Sensitive Data in Transit | Data | Protect |
IG2
IG3
|
| 3.11 | Encrypt Sensitive Data at Rest | Data | Protect |
IG2
IG3
|
| 3.12 | Segment Data Processing and Storage Based on Sensitivity | Network | Protect |
IG2
IG3
|
| 3.13 | Deploy a Data Loss Prevention Solution | Data | Protect |
IG3
|
| 3.14 | Log Sensitive Data Access | Data | Detect |
IG3
|