Table 2: Framework Core - PROTECT (PR), Data Security (PR.DS)
| Function | Category | Subcategory | Informative References |
|---|---|---|---|
| PROTECT (PR) | Data Security (PR.DS): Information and records (data) are managed consistent with the organization’s risk strategy to protect the confidentiality, integrity, and availability of information. | PR.DS-1: Data-at-rest is protected | CIS CSC 13, 14; COBIT 5 APO01.06, BAI02.01, BAI06.01, DSS04.07, DSS05.03, DSS06.06; ISA 62443-3-3:2013 SR 3.4, SR 4.1; ISO/IEC 27001:2013 A.8.2.3; NIST SP 800-53 Rev. 4 MP-8, SC-12, SC-28 |
| | | PR.DS-2: Data-in-transit is protected | CIS CSC 13, 14; COBIT 5 APO01.06, DSS05.02, DSS06.06; ISA 62443-3-3:2013 SR 3.1, SR 3.8, SR 4.1, SR 4.2; ISO/IEC 27001:2013 A.8.2.3, A.13.1.1, A.13.2.1, A.13.2.3, A.14.1.2, A.14.1.3; NIST SP 800-53 Rev. 4 SC-8, SC-11, SC-12 |
| | | PR.DS-3: Assets are formally managed throughout removal, transfers, and disposition | CIS CSC 1; COBIT 5 BAI09.03; ISA 62443-2-1:2009 4.3.3.3.9, 4.3.4.4.1; ISA 62443-3-3:2013 SR 4.2; ISO/IEC 27001:2013 A.8.2.3, A.8.3.1, A.8.3.2, A.8.3.3, A.11.2.5, A.11.2.7; NIST SP 800-53 Rev. 4 CM-8, MP-6, PE-16 |
| | | PR.DS-4: Adequate capacity to ensure availability is maintained | CIS CSC 1, 2, 13; COBIT 5 APO13.01, BAI04.04; ISA 62443-3-3:2013 SR 7.1, SR 7.2; ISO/IEC 27001:2013 A.12.1.3, A.17.2.1; NIST SP 800-53 Rev. 4 AU-4, CP-2, SC-5 |
| | | PR.DS-5: Protections against data leaks are implemented | CIS CSC 13; COBIT 5 APO01.06, DSS05.04, DSS05.07, DSS06.02; ISA 62443-3-3:2013 SR 5.2; ISO/IEC 27001:2013 A.6.1.2, A.7.1.1, A.7.1.2, A.7.3.1, A.8.2.2, A.8.2.3, A.9.1.1, A.9.1.2, A.9.2.3, A.9.4.1, A.9.4.4, A.9.4.5, A.10.1.1, A.11.1.4, A.11.1.5, A.11.2.1, A.13.1.1, A.13.1.3, A.13.2.1, A.13.2.3, A.13.2.4, A.14.1.2, A.14.1.3; NIST SP 800-53 Rev. 4 AC-4, AC-5, AC-6, PE-19, PS-3, PS-6, SC-7, SC-8, SC-13, SC-31, SI-4 |
| | | PR.DS-6: Integrity checking mechanisms are used to verify software, firmware, and information integrity | CIS CSC 2, 3; COBIT 5 APO01.06, BAI06.01, DSS06.02; ISA 62443-3-3:2013 SR 3.1, SR 3.3, SR 3.4, SR 3.8; ISO/IEC 27001:2013 A.12.2.1, A.12.5.1, A.14.1.2, A.14.1.3, A.14.2.4; NIST SP 800-53 Rev. 4 SC-16, SI-7 |
| | | PR.DS-7: The development and testing environment(s) are separate from the production environment | CIS CSC 18, 20; COBIT 5 BAI03.08, BAI07.04; ISO/IEC 27001:2013 A.12.1.4; NIST SP 800-53 Rev. 4 CM-2 |
| | | PR.DS-8: Integrity checking mechanisms are used to verify hardware integrity | COBIT 5 BAI03.05; ISA 62443-2-1:2009 4.3.4.4.4; ISO/IEC 27001:2013 A.11.2.4; NIST SP 800-53 Rev. 4 SA-10, SI-7 |