
Establish and maintain a data loss prevention solution to protect Access Control Lists.


CONTROL ID: 12128
CONTROL TYPE: Technical Security
CLASSIFICATION: Preventive

SUPPORTING AND SUPPORTED CONTROLS




This Control directly supports the implied Control(s):
  • Establish and maintain information flow control configuration standards. (CC ID: 01924)

There are no implementation support Controls.


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH




  • Use host-based data loss prevention (DLP) to enforce ACLs even when data is copied off a server. In most organizations, access to the data is controlled by ACLs that are implemented on the server. Once the data have been copied to a desktop system, the ACLs are no longer enforced and the users can s… (Control 13.9, The CIS Critical Security Controls for Effective Cyber Defense, Version 6.0)
  • Use an automated tool, such as host-based Data Loss Prevention, to enforce access controls to data even when the data is copied off a system. (CIS Control 14: Sub-Control 14.7 Enforce Access Control to Data through Automated Tools, CIS Controls, V7)
  • Data loss prevention processes and technologies are used to restrict ability to authorize and execute transmission, movement and removal of information. (CC6.7 Restricts the Ability to Perform Transmission, Trust Services Criteria)