PR.DS-P: Data Security
Description
Data are managed consistent with the organization’s risk strategy to protect individuals’ privacy and maintain data confidentiality, integrity, and availability.
Framework Subcategories
PR.DS-P1: Data-at-rest are protected
[csf.tools Note: Subcategories do not have detailed descriptions.] Note: This Privacy Framework Subcategory is identical to the Cybersecurity Framework Subcategory.
PR.DS-P2: Data-in-transit are protected
[csf.tools Note: Subcategories do not have detailed descriptions.] Note: This Privacy Framework Subcategory is identical to the Cybersecurity Framework Subcategory.
PR.DS-P3: Systems/products/services and associated data are formally managed throughout removal, transfers, and disposition
[csf.tools Note: Subcategories do not have detailed descriptions.]
PR.DS-P4: Adequate capacity to ensure availability is maintained
[csf.tools Note: Subcategories do not have detailed descriptions.] Note: This Privacy Framework Subcategory is identical to the Cybersecurity Framework Subcategory.
PR.DS-P5: Protections against data leaks are implemented
[csf.tools Note: Subcategories do not have detailed descriptions.] Note: This Privacy Framework Subcategory is identical to the Cybersecurity Framework Subcategory.
PR.DS-P6: Integrity checking mechanisms are used to verify software, firmware, and information integrity
[csf.tools Note: Subcategories do not have detailed descriptions.] Note: This Privacy Framework Subcategory is identical to the Cybersecurity Framework Subcategory.
PR.DS-P7: The development and testing environment(s) are separate from the production environment
[csf.tools Note: Subcategories do not have detailed descriptions.] Note: This Privacy Framework Subcategory is identical to the Cybersecurity Framework Subcategory.
PR.DS-P8: Integrity checking mechanisms are used to verify hardware integrity
[csf.tools Note: Subcategories do not have detailed descriptions.] Note: This Privacy Framework Subcategory is identical to the Cybersecurity Framework Subcategory.