CISA Cybersecurity Performance Goals: Data Security Security Controls
Controls that identify, classify, encrypt, and back up sensitive data.
Data Security
Sensitive data is inventoried and classified by type
You cannot protect data you do not know you have. Without a data inventory, sensitive information en...
Sensitive data at rest is encrypted using current standards
Encryption at rest protects data when storage media is stolen, improperly disposed of, or accessed b...
Data in transit is encrypted using modern protocols
Unencrypted traffic can be intercepted on any segment of the network path, including internal networ...
Sensitive data is securely disposed of when no longer needed
Data that is no longer needed is a liability, not an asset. Breaches and legal discovery can expose ...
Backups of critical data are maintained and tested
Ransomware and accidental deletion both lead to the same outcome: data loss that halts operations. B...