CT.DP-P1: Data are processed to limit observability and linkability (e.g., data actions take place on local devices, privacy-preserving cryptography)
Description
[csf.tools Note: Subcategories do not have detailed descriptions.]
Related Controls
NIST Special Publication 800-53 Revision 5
AC-23: Data Mining Protection
Employ [Assignment: organization-defined data mining prevention and detection techniques] for [Assignment: organization-defined data storage objects] to detect and protect against unauthorized data mining.
PL-8: Security and Privacy Architectures
Develop security and privacy architectures for the system that: Describe the requirements and approach to be taken for protecting the confidentiality, integrity, and availability of organizational information; Describe the requirements and approach to be taken for processing personally identifiable information to minimize privacy risk to individuals; Describe how the architectures are integrated into and support…
PM-7: Enterprise Architecture
Develop and maintain an enterprise architecture with consideration for information security, privacy, and the resulting risk to organizational operations and assets, individuals, other organizations, and the Nation.
SA-17: Developer Security and Privacy Architecture and Design
Require the developer of the system, system component, or system service to produce a design specification and security and privacy architecture that: Is consistent with the organization’s security and privacy architecture that is an integral part the organization’s enterprise architecture; Accurately and completely describes the required security and privacy functionality, and the allocation of controls…
NIST Special Publication 800-53 Revision 4
AC-23: Data Mining Protection
The organization employs [Assignment: organization-defined data mining prevention and detection techniques] for [Assignment: organization-defined data storage objects] to adequately detect and protect against data mining.
PL-8: Information Security Architecture
The organization: Develops an information security architecture for the information system that: Describes the overall philosophy, requirements, and approach to be taken with regard to protecting the confidentiality, integrity, and availability of organizational information; Describes how the information security architecture is integrated into and supports the enterprise architecture; and Describes any information security assumptions about,…
PM-7: Enterprise Architecture
The organization develops an enterprise architecture with consideration for information security and the resulting risk to organizational operations, organizational assets, individuals, other organizations, and the Nation.
SA-17: Developer Security Architecture And Design
The organization requires the developer of the information system, system component, or information system service to produce a design specification and security architecture that: Is consistent with and supportive of the organization’s security architecture which is established within and is an integrated part of the organization’s enterprise architecture; Accurately and completely describes the required security…