PR.DS: Data Security

Description

Information and records (data) are managed consistent with the organization’s risk strategy to protect the confidentiality, integrity, and availability of information.

Framework Subcategories

PR.DS-1: Data-at-rest is protected

[csf.tools Note: Subcategories do not have detailed descriptions.]

PR.DS-2: Data-in-transit is protected

[csf.tools Note: Subcategories do not have detailed descriptions.]

PR.DS-3: Assets are formally managed throughout removal, transfers, and disposition

[csf.tools Note: Subcategories do not have detailed descriptions.]

PR.DS-4: Adequate capacity to ensure availability is maintained

[csf.tools Note: Subcategories do not have detailed descriptions.]

PR.DS-5: Protections against data leaks are implemented

[csf.tools Note: Subcategories do not have detailed descriptions.]

PR.DS-6: Integrity checking mechanisms are used to verify software, firmware, and information integrity

[csf.tools Note: Subcategories do not have detailed descriptions.]

PR.DS-7: The development and testing environment(s) are separate from the production environment

[csf.tools Note: Subcategories do not have detailed descriptions.]

PR.DS-8: Integrity checking mechanisms are used to verify hardware integrity

[csf.tools Note: Subcategories do not have detailed descriptions.]