August 31, 2016

Data Security (PR.DS)

Objectives of Data Security

Information and records (data) are managed consistent with the organization’s risk strategy to protect the confidentiality, integrity, and availability of information.

  • PR.DS-1: Data-at-rest is protected
  • PR.DS-2: Data-in-transit is protected
  • PR.DS-3: Assets are formally managed throughout removal, transfers, and disposition
  • PR.DS-4: Adequate capacity to ensure availability is maintained
  • PR.DS-5: Protections against data leaks are implemented
  • PR.DS-6: Integrity checking mechanisms are used to verify software, firmware, and information integrity
  • PR.DS-7: The development and testing environment(s) are separate from the production environment