Skip to content
Home / Function (NIST CSF 2.0) / PR - Protect

DS – Data Security

NIST CSF Category PR.DS
In data security, normative documents are essential for defining how sensitive information should be protected throughout its lifecycle—at rest, in transit, and in use. Standards like ISO/IEC 27001 and ISO/IEC 27701 provide frameworks for information security and privacy management, while NIST SP 800-53 and NIST SP 800-171 offer detailed controls for protecting federal and controlled unclassified information. Regulatory bodies such as the European Data Protection Board (EDPB) for GDPR enforcement and the U.S. Federal Trade Commission (FTC) for consumer data protection set legal requirements that organizations must follow. By adhering to these standards and regulations, organizations can implement robust encryption, access control, and data handling practices, ensuring compliance, mitigating breaches, and maintaining stakeholder trust.

NIST IR 8596 Cybersecurity Framework Profile for Artificial Intelligence (Cyber AI Profile): NIST Community Profile

The NIST Cyber AI Profile offers a structured approach to integrating AI into cybersecurity operations. It provides guidance on leveraging AI for threat detection, risk assessment, and automated response while… Read More »NIST IR 8596 Cybersecurity Framework Profile for Artificial Intelligence (Cyber AI Profile): NIST Community Profile

ETSI EN 304 223: Securing Artificial Intelligence (SAI) – Baseline Cyber Security Requirements for AI Models and Systems

ETSI EN 304 223 is a landmark European standard, published in early 2026, that establishes the first globally applicable baseline for securing artificial intelligence models and systems throughout their entire… Read More »ETSI EN 304 223: Securing Artificial Intelligence (SAI) – Baseline Cyber Security Requirements for AI Models and Systems