UEM-11: Data Loss Prevention

CSF v1.1 References:

PF v1.0 References:

Threats Addressed:

Info icon.

Control is new to this version of the control set.

Control Statement

Configure managed endpoints with Data Loss Prevention (DLP) technologies and rules in accordance with a risk assessment.

Implementation Guidance

The organization should have a DLP program to discover, monitor, and protect data with regulatory or compliance implications in transit and at rest across the network, storage, and endpoint systems. The DLP solution should monitor and control the data flow. Furthermore, any anomalies that exceed normal traffic patterns should be noted, and appropriate action should be taken to address them. The DLP solution should also be used to monitor for sensitive information (e.g., personally identifiable information), keywords, and metadata in order to discover unauthorized attempts for their disclosure across network boundaries and block such transfers by alerting information security personnel. The organization should configure the DLP solution to enforce ACLs even when data is copied off a server.

Auditing Guidance

  1. Examine the organization's data loss policy.
  2. Examine the policies on configuration of such controls.
  3. Determine if such controls are driven by risk assessments.
  4. Determine if such controls are in place and evaluated as effective.

[csf.tools Note: For more information on the Cloud Controls Matrix, visit the CSA Cloud Controls Matrix Homepage.]

Cloud Control Matrix is Copyright 2023 Cloud Security Alliance.