Skip to content
Home / Function (NIST CSF 2.0) / PR - Protect

DS – Data Security

NIST CSF Category PR.DS
In data security, normative documents are essential for defining how sensitive information should be protected throughout its lifecycle—at rest, in transit, and in use. Standards like ISO/IEC 27001 and ISO/IEC 27701 provide frameworks for information security and privacy management, while NIST SP 800-53 and NIST SP 800-171 offer detailed controls for protecting federal and controlled unclassified information. Regulatory bodies such as the European Data Protection Board (EDPB) for GDPR enforcement and the U.S. Federal Trade Commission (FTC) for consumer data protection set legal requirements that organizations must follow. By adhering to these standards and regulations, organizations can implement robust encryption, access control, and data handling practices, ensuring compliance, mitigating breaches, and maintaining stakeholder trust.

NIST IR 8596 Cybersecurity Framework Profile for Artificial Intelligence (Cyber AI Profile): NIST Community Profile

The NIST Cyber AI Profile offers a structured approach to integrating AI into cybersecurity operations. It provides guidance on leveraging AI for threat detection, risk assessment, and automated response while… Read More »NIST IR 8596 Cybersecurity Framework Profile for Artificial Intelligence (Cyber AI Profile): NIST Community Profile

NIST SP 800-172 Enhanced Security Requirements for Protecting Controlled Unclassified Information: A Supplement to NIST Special Publication 800-171

NIST SP 800-172 is a supplementary publication to NIST SP 800-171 that provides 35 enhanced security requirements designed to protect controlled unclassified information (CUI) on non-federal systems, especially when related… Read More »NIST SP 800-172 Enhanced Security Requirements for Protecting Controlled Unclassified Information: A Supplement to NIST Special Publication 800-171

NIST SP 800-171 Rev. 3 Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations

NIST SP 800-171 is a set of cybersecurity standards developed by the National Institute of Standards and Technology (NIST) to protect Controlled Unclassified Information (CUI) in nonfederal systems and organizations.… Read More »NIST SP 800-171 Rev. 3 Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations

NIST SP 1800-28 Data Confidentiality: Identifying and Protecting Assets Against Data Breaches

NIST Special Publication 1800-28, titled “Data Confidentiality: Identifying and Protecting Assets Against Data Breaches,” provides a comprehensive guide to help organizations identify and protect their data assets from unauthorized access… Read More »NIST SP 1800-28 Data Confidentiality: Identifying and Protecting Assets Against Data Breaches

NIST SP 1800-29 Data Confidentiality: Detect, Respond to, and Recover from Data Breaches

NIST Special Publication 1800-29, “Data Confidentiality: Detect, Respond to, and Recover from Data Breaches,” provides organizations with practical guidance on managing data confidentiality risks by focusing on the latter three… Read More »NIST SP 1800-29 Data Confidentiality: Detect, Respond to, and Recover from Data Breaches

NIST SP 1800-26 Data Integrity: Detecting and Responding to Ransomware and Other Destructive Events

NIST Special Publication 1800-26, titled “Data Integrity: Detecting and Responding to Ransomware and Other Destructive Events,” provides a practical, standards-based reference guide to help organizations maintain the integrity and availability… Read More »NIST SP 1800-26 Data Integrity: Detecting and Responding to Ransomware and Other Destructive Events

NIST SP 1800-11 Data Integrity: Recovering from Ransomware and Other Destructive Events

NIST Special Publication 1800-11, titled “Data Integrity: Recovering from Ransomware and Other Destructive Events,” is a cybersecurity practice guide that demonstrates how organizations can develop and implement strategies to quickly… Read More »NIST SP 1800-11 Data Integrity: Recovering from Ransomware and Other Destructive Events

NIST SP 1800-25 Data Integrity: Identifying and Protecting Assets Against Ransomware and Other Destructive Events

NIST SP 1800-25, titled “Data Integrity: Identifying and Protecting Assets Against Ransomware and Other Destructive Events,” provides practical guidance for organizations to identify, protect, and manage their critical assets against… Read More »NIST SP 1800-25 Data Integrity: Identifying and Protecting Assets Against Ransomware and Other Destructive Events

NIST Federal Information Processing Standard (FIPS) Publication 140-3: Security Requirements for Cryptographic Modules

FIPS 140-3 is a mandatory standard for federal agencies and a benchmark for the private sector that defines the security requirements for hardware and software cryptographic modules. It superseded FIPS… Read More »NIST Federal Information Processing Standard (FIPS) Publication 140-3: Security Requirements for Cryptographic Modules