PR.DS-P2: Data-in-transit are protected

CSF v1.1 References:

PR.DS-2

Threats Addressed:

Description

[csf.tools Note: Subcategories do not have detailed descriptions.]

Note: This Privacy Framework Subcategory is identical to the Cybersecurity Framework Subcategory.

NIST Special Publication 800-53 Revision 5

SC-8: Transmission Confidentiality and Integrity

Protect the [Assignment (one or more): confidentiality, integrity] of transmitted information.

SC-11: Trusted Path

Provide a [Assignment: physically, logically] isolated trusted communications path for communications between the user and the trusted components of the system; and Permit users to invoke the trusted communications path for communications between the user and the following security functions of the system, including at a minimum, authentication and re-authentication: [Assignment: organization-defined security functions].

Cloud Controls Matrix v3.0.1

AIS-04: Data Security / Integrity

Policies and procedures shall be established and maintained in support of data security to include (confidentiality, integrity, and availability) across multiple system interfaces, jurisdictions, and business functions to prevent improper disclosure, alteration, or destruction.

DCS-02: Controlled Access Points

Physical security perimeters (e.g., fences, walls, barriers, guards, gates, electronic surveillance, physical authentication mechanisms, reception desks, and security patrols) shall be implemented to safeguard sensitive data and information systems.

EKM-02: Key Generation

Policies and procedures shall be established for the management of cryptographic keys in the service’s cryptosystem (e.g., lifecycle management from key generation to revocation and replacement, public key infrastructure, cryptographic protocol design and algorithms used, access controls in place for secure key generation, and exchange and storage including segregation of keys used for encrypted data…

EKM-03: Sensitive Data Protection

Policies and procedures shall be established, and supporting business processes and technical measures implemented, for the use of encryption protocols for protection of sensitive data in storage (e.g., file servers, databases, and end-user workstations), data in use (memory), and data in transmission (e.g., system interfaces, over public networks, and electronic messaging) as per applicable legal,…

IVS-10: VM Security – Data Protection

Secured and encrypted communication channels shall be used when migrating physical servers, applications, or data to virtualized servers and, where possible, shall use a network segregated from production-level networks for such migrations.

Critical Security Controls Version 8

3: Data Protection

Develop processes and technical controls to identify, classify, securely handle, retain, and dispose of data.

12: Network Infrastructure Management

Establish, implement, and actively manage (track, report, correct) network devices, in order to prevent attackers from exploiting vulnerable network services and access points.

16: Application Software Security

Manage the security life cycle of in-house developed, hosted, or acquired software to prevent, detect, and remediate security weaknesses before they can impact the enterprise.

NIST Special Publication 800-53 Revision 4

SC-8: Transmission Confidentiality And Integrity

The information system protects the [Selection (one or more): confidentiality; integrity] of transmitted information.

SC-11: Trusted Path

The information system establishes a trusted communications path between the user and the following security functions of the system: [Assignment: organization-defined security functions to include at a minimum, information system authentication and re-authentication].

Critical Security Controls Version 7.1

14: Controlled Access Based on the Need to Know

The processes and tools used to track/control/prevent/correct secure access to critical assets (e.g., information, resources, systems) according to the formal determination of which persons, computers, and applications have a need and right to access these critical assets based on an approved classification.