
Establish, implement, and maintain a data loss prevention solution to protect Access Control Lists.


CONTROL ID
12128
CONTROL TYPE
Technical Security
CLASSIFICATION
Preventive

SUPPORTING AND SUPPORTED CONTROLS




This Control directly supports the implied Control(s):
  • Establish, implement, and maintain information flow control configuration standards., CC ID: 01924

There are no implementation support Controls.


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH




  • Data loss prevention processes and technologies are used to restrict a user or system's ability to exfiltrate protected information, to execute data transmission, move information stored logically or maintained in physical devices, or otherwise modify, view, reproduce or destroy such information. (S7.3 Restricts the ability to perform transmission, Privacy Management Framework, Updated March 1, 2020)
  • Use host-based data loss prevention (DLP) to enforce ACLs even when data is copied off a server. In most organizations, access to the data is controlled by ACLs that are implemented on the server. Once the data have been copied to a desktop system, the ACLs are no longer enforced and the users can s… (Control 13.9, The CIS Critical Security Controls for Effective Cyber Defense, Version 6.0)
  • Configure managed endpoints with Data Loss Prevention (DLP) technologies and rules in accordance with a risk assessment. (UEM-11, Cloud Controls Matrix, v4.0)
  • Use an automated tool, such as host-based Data Loss Prevention, to enforce access controls to data even when the data is copied off a system. (CIS Control 14: Sub-Control 14.7 Enforce Access Control to Data through Automated Tools, CIS Controls, 7.1)
  • Use an automated tool, such as host-based Data Loss Prevention, to enforce access controls to data even when the data is copied off a system. (CIS Control 14: Sub-Control 14.7 Enforce Access Control to Data through Automated Tools, CIS Controls, V7)
  • Implement an automated tool, such as a host-based Data Loss Prevention (DLP) tool to identify all sensitive data stored, processed, or transmitted through enterprise assets, including those located onsite or at a remote service provider, and update the enterprise's sensitive data inventory. (CIS Control 3: Safeguard 3.13 Deploy a Data Loss Prevention Solution, CIS Controls, V8)
  • Data loss prevention processes and technologies are used to restrict ability to authorize and execute transmission, movement, and removal of information. (CC6.7 ¶ 2 Bullet 1 Restricts the Ability to Perform Transmission, 2017 Trust Services Criteria for Security, Availability, Processing Integrity, Confidentiality, and Privacy (with Revised Points of Focus – 2022))
  • Data loss prevention processes and technologies are used to restrict ability to authorize and execute transmission, movement and removal of information. (CC6.7 Restricts the Ability to Perform Transmission, Trust Services Criteria)
  • Data loss prevention processes and technologies are used to restrict ability to authorize and execute transmission, movement, and removal of information. (CC6.7 ¶ 2 Bullet 1 Restricts the Ability to Perform Transmission, Trust Services Criteria, (includes March 2020 updates))