PR.DS-02: The confidentiality, integrity, and availability of data-in-transit are protected

Previous Version:

Info icon.

Incorporates the following subcategorys from the previous version of the framework: PR.DS-2: Data-in-transit is protected, PR.DS-5: Protections against data leaks are implemented.


[ Note: Subcategories do not have detailed descriptions. However NIST has provided the following implementation examples.]

Implementation Examples

1st: 1st Party Risk

Ex1: Use encryption, digital signatures, and cryptographic hashes to protect the confidentiality and integrity of network communications

Ex2: Automatically encrypt or block outbound emails and other communications that contain sensitive data, depending on the data classification

Ex3: Block access to personal email, file sharing, file storage services, and other personal communications applications and services from organizational systems and networks

Ex4: Prevent reuse of sensitive data from production environments (e.g., customer records) in development, testing, and other non-production environments