Skip to content
    Home / Function (NIST CSF 2.0) / PR - Protect / DS - Data Security

    DS – Data Security

    NIST CSF Category PR.DS
    In data security, normative documents are essential for defining how sensitive information should be protected throughout its lifecycle—at rest, in transit, and in use. Standards like ISO/IEC 27001 and ISO/IEC 27701 provide frameworks for information security and privacy management, while NIST SP 800-53 and NIST SP 800-171 offer detailed controls for protecting federal and controlled unclassified information. Regulatory bodies such as the European Data Protection Board (EDPB) for GDPR enforcement and the U.S. Federal Trade Commission (FTC) for consumer data protection set legal requirements that organizations must follow. By adhering to these standards and regulations, organizations can implement robust encryption, access control, and data handling practices, ensuring compliance, mitigating breaches, and maintaining stakeholder trust.

    NIST SP 1800-26 Data Integrity: Detecting and Responding to Ransomware and Other Destructive Events

    NIST Special Publication 1800-26, titled “Data Integrity: Detecting and Responding to Ransomware and Other Destructive Events,” provides a practical, standards-based reference guide to help organizations maintain the integrity and availability… Read More »NIST SP 1800-26 Data Integrity: Detecting and Responding to Ransomware and Other Destructive Events

    NIST SP 1800-11 Data Integrity: Recovering from Ransomware and Other Destructive Events

    NIST Special Publication 1800-11, titled “Data Integrity: Recovering from Ransomware and Other Destructive Events,” is a cybersecurity practice guide that demonstrates how organizations can develop and implement strategies to quickly… Read More »NIST SP 1800-11 Data Integrity: Recovering from Ransomware and Other Destructive Events

    NIST SP 1800-25 Data Integrity: Identifying and Protecting Assets Against Ransomware and Other Destructive Events

    NIST SP 1800-25, titled “Data Integrity: Identifying and Protecting Assets Against Ransomware and Other Destructive Events,” provides practical guidance for organizations to identify, protect, and manage their critical assets against… Read More »NIST SP 1800-25 Data Integrity: Identifying and Protecting Assets Against Ransomware and Other Destructive Events

    NIST Federal Information Processing Standard (FIPS) Publication 140-3: Security Requirements for Cryptographic Modules

    FIPS 140-3 is a mandatory standard for federal agencies and a benchmark for the private sector that defines the security requirements for hardware and software cryptographic modules. It superseded FIPS… Read More »NIST Federal Information Processing Standard (FIPS) Publication 140-3: Security Requirements for Cryptographic Modules

    California Consumer Privacy Act of 2018 (CCPA), as amended by the California Privacy Rights Act of 2020 (CPRA)

    The CCPA/CPRA represents the most comprehensive data privacy framework in the United States, granting California residents extensive rights over their personal information, including the right to know, delete, correct, and… Read More »California Consumer Privacy Act of 2018 (CCPA), as amended by the California Privacy Rights Act of 2020 (CPRA)

    Health Insurance Portability and Accountability Act of 1996 (HIPAA)

    The Health Insurance Portability and Accountability Act of 1996 (HIPAA) establishes a comprehensive cybersecurity framework designed to protect electronic protected health information (ePHI) within healthcare organizations. Central to HIPAA’s cybersecurity… Read More »Health Insurance Portability and Accountability Act of 1996 (HIPAA)