Home / Function (NIST CSF 2.0) / PR - ProtectDS – Data Security
NIST CSF Category PR.DS
In data security, normative documents are essential for defining how sensitive information should be protected throughout its lifecycle—at rest, in transit, and in use. Standards like ISO/IEC 27001 and ISO/IEC 27701 provide frameworks for information security and privacy management, while NIST SP 800-53 and NIST SP 800-171 offer detailed controls for protecting federal and controlled unclassified information. Regulatory bodies such as the European Data Protection Board (EDPB) for GDPR enforcement and the U.S. Federal Trade Commission (FTC) for consumer data protection set legal requirements that organizations must follow. By adhering to these standards and regulations, organizations can implement robust encryption, access control, and data handling practices, ensuring compliance, mitigating breaches, and maintaining stakeholder trust.