Skip to main content

πŸ’Ό PR.DS-5: Protections against data leaks are implemented

  • Contextual name: πŸ’Ό PR.DS-5: Protections against data leaks are implemented
  • ID: /frameworks/nist-csf-v1.1/pr-ds/05
  • Located in: πŸ’Ό Data Security (PR.DS)

Description​

Empty...

Similar​

  • Sections
    • /frameworks/iso-iec-27001-2013/06/01/02
    • /frameworks/iso-iec-27001-2013/07/01/01
    • /frameworks/iso-iec-27001-2013/07/01/02
    • /frameworks/iso-iec-27001-2013/07/03/01
    • /frameworks/iso-iec-27001-2013/08/02/02
    • /frameworks/iso-iec-27001-2013/08/02/03
    • /frameworks/iso-iec-27001-2013/09/01/01
    • /frameworks/iso-iec-27001-2013/09/01/02
    • /frameworks/iso-iec-27001-2013/09/02/03
    • /frameworks/iso-iec-27001-2013/09/04/01
    • /frameworks/iso-iec-27001-2013/09/04/04
    • /frameworks/iso-iec-27001-2013/09/04/05
    • /frameworks/iso-iec-27001-2013/10/01/01
    • /frameworks/iso-iec-27001-2013/11/01/04
    • /frameworks/iso-iec-27001-2013/11/01/05
    • /frameworks/iso-iec-27001-2013/11/02/01
    • /frameworks/iso-iec-27001-2013/13/01/01
    • /frameworks/iso-iec-27001-2013/13/01/03
    • /frameworks/iso-iec-27001-2013/13/02/01
    • /frameworks/iso-iec-27001-2013/13/02/03
    • /frameworks/iso-iec-27001-2013/13/02/04
    • /frameworks/iso-iec-27001-2013/14/01/02
    • /frameworks/iso-iec-27001-2013/14/01/03
    • /frameworks/nist-sp-800-53-r4/ac/04
    • /frameworks/nist-sp-800-53-r4/ac/05
    • /frameworks/nist-sp-800-53-r4/ac/06
    • /frameworks/nist-sp-800-53-r4/pe/19
    • /frameworks/nist-sp-800-53-r4/ps/03
    • /frameworks/nist-sp-800-53-r4/ps/06
    • /frameworks/nist-sp-800-53-r4/sc/07
    • /frameworks/nist-sp-800-53-r4/sc/08
    • /frameworks/nist-sp-800-53-r4/sc/13
    • /frameworks/nist-sp-800-53-r4/sc/31
    • /frameworks/nist-sp-800-53-r4/si/04
  • Internal
    • ID: dec-c-ba11ddf3

Similar Sections (Take Policies From)​

SectionSub SectionsInternal RulesPoliciesFlags
πŸ’Ό ISO/IEC 27001:2013 β†’ πŸ’Ό A.6.1.2 Segregation of duties
πŸ’Ό ISO/IEC 27001:2013 β†’ πŸ’Ό A.7.1.1 Screening
πŸ’Ό ISO/IEC 27001:2013 β†’ πŸ’Ό A.7.1.2 Terms and conditions of employment
πŸ’Ό ISO/IEC 27001:2013 β†’ πŸ’Ό A.7.3.1 Termination or change of employment responsibilities
πŸ’Ό ISO/IEC 27001:2013 β†’ πŸ’Ό A.8.2.2 Labelling of information
πŸ’Ό ISO/IEC 27001:2013 β†’ πŸ’Ό A.8.2.3 Handling of assets
πŸ’Ό ISO/IEC 27001:2013 β†’ πŸ’Ό A.9.1.1 Access control policy
πŸ’Ό ISO/IEC 27001:2013 β†’ πŸ’Ό A.9.1.2 Access to networks and network services1718
πŸ’Ό ISO/IEC 27001:2013 β†’ πŸ’Ό A.9.2.3 Management of privileged access rights34
πŸ’Ό ISO/IEC 27001:2013 β†’ πŸ’Ό A.9.4.1 Information access restriction1920
πŸ’Ό ISO/IEC 27001:2013 β†’ πŸ’Ό A.9.4.4 Use of privileged utility programs
πŸ’Ό ISO/IEC 27001:2013 β†’ πŸ’Ό A.9.4.5 Access control to program source code
πŸ’Ό ISO/IEC 27001:2013 β†’ πŸ’Ό A.10.1.1 Policy on the use of cryptographic controls1415
πŸ’Ό ISO/IEC 27001:2013 β†’ πŸ’Ό A.11.1.4 Protecting against external and environmental threats
πŸ’Ό ISO/IEC 27001:2013 β†’ πŸ’Ό A.11.1.5 Working in secure areas
πŸ’Ό ISO/IEC 27001:2013 β†’ πŸ’Ό A.11.2.1 Equipment siting and protection
πŸ’Ό ISO/IEC 27001:2013 β†’ πŸ’Ό A.13.1.1 Network controls
πŸ’Ό ISO/IEC 27001:2013 β†’ πŸ’Ό A.13.1.3 Segregation in networks
πŸ’Ό ISO/IEC 27001:2013 β†’ πŸ’Ό A.13.2.1 Information transfer policies and procedures
πŸ’Ό ISO/IEC 27001:2013 β†’ πŸ’Ό A.13.2.3 Electronic messaging
πŸ’Ό ISO/IEC 27001:2013 β†’ πŸ’Ό A.13.2.4 Confidentiality or nondisclosure agreements
πŸ’Ό ISO/IEC 27001:2013 β†’ πŸ’Ό A.14.1.2 Securing application services on public networks44
πŸ’Ό ISO/IEC 27001:2013 β†’ πŸ’Ό A.14.1.3 Protecting application services transactions78
πŸ’Ό NIST SP 800-53 Revision 4 β†’ πŸ’Ό AC-4 INFORMATION FLOW ENFORCEMENT2211
πŸ’Ό NIST SP 800-53 Revision 4 β†’ πŸ’Ό AC-5 SEPARATION OF DUTIES33
πŸ’Ό NIST SP 800-53 Revision 4 β†’ πŸ’Ό AC-6 LEAST PRIVILEGE1022
πŸ’Ό NIST SP 800-53 Revision 4 β†’ πŸ’Ό PE-19 INFORMATION LEAKAGE1
πŸ’Ό NIST SP 800-53 Revision 4 β†’ πŸ’Ό PS-3 PERSONNEL SCREENING3
πŸ’Ό NIST SP 800-53 Revision 4 β†’ πŸ’Ό PS-6 ACCESS AGREEMENTS3
πŸ’Ό NIST SP 800-53 Revision 4 β†’ πŸ’Ό SC-7 BOUNDARY PROTECTION2356
πŸ’Ό NIST SP 800-53 Revision 4 β†’ πŸ’Ό SC-8 TRANSMISSION CONFIDENTIALITY AND INTEGRITY422
πŸ’Ό NIST SP 800-53 Revision 4 β†’ πŸ’Ό SC-13 CRYPTOGRAPHIC PROTECTION411
πŸ’Ό NIST SP 800-53 Revision 4 β†’ πŸ’Ό SC-31 COVERT CHANNEL ANALYSIS3
πŸ’Ό NIST SP 800-53 Revision 4 β†’ πŸ’Ό SI-4 INFORMATION SYSTEM MONITORING24

Similar Sections (Give Policies To)​

SectionSub SectionsInternal RulesPoliciesFlags
πŸ’Ό NIST CSF v2.0 β†’ πŸ’Ό PR.DS-01: The confidentiality, integrity, and availability of data-at-rest are protected82
πŸ’Ό NIST CSF v2.0 β†’ πŸ’Ό PR.DS-02: The confidentiality, integrity, and availability of data-in-transit are protected69
πŸ’Ό NIST CSF v2.0 β†’ πŸ’Ό PR.DS-10: The confidentiality, integrity, and availability of data-in-use are protected67

Sub Sections​

SectionSub SectionsInternal RulesPoliciesFlags

Policies (51)​

PolicyLogic CountFlags
πŸ“ AWS Account EBS Volume Encryption Attribute is not enabled in all regions 🟒1🟒 x6
πŸ“ AWS Account IAM Access Analyzer is not enabled for all regions 🟒1🟒 x6
πŸ“ AWS Account Root User credentials were used is the last 30 days πŸ”΄πŸŸ’1πŸ”΄ x1, 🟒 x6
πŸ“ AWS Account Root User has active access keys 🟒1🟒 x6
πŸ“ AWS EC2 Security Group allows public IPv4 (0.0.0.0/0) access to admin ports 🟒1🟒 x6
πŸ“ AWS EC2 Security Group allows public IPv6 (::/0) access to admin ports 🟒1🟒 x6
πŸ“ AWS EC2 Security Group allows unrestricted CIFS traffic 🟒1🟒 x6
πŸ“ AWS EC2 Security Group allows unrestricted DNS traffic 🟒1🟒 x6
πŸ“ AWS EC2 Security Group allows unrestricted FTP traffic 🟒1🟒 x6
πŸ“ AWS EC2 Security Group allows unrestricted ICMP traffic 🟒1🟒 x6
πŸ“ AWS EC2 Security Group allows unrestricted NetBIOS traffic 🟒1🟒 x6
πŸ“ AWS EC2 Security Group allows unrestricted RPC traffic 🟒1🟒 x6
πŸ“ AWS EC2 Security Group allows unrestricted SMTP traffic 🟒1🟒 x6
πŸ“ AWS EC2 Security Group allows unrestricted traffic to MongoDB 🟒1🟒 x6
πŸ“ AWS EC2 Security Group allows unrestricted traffic to MSSQL 🟒1🟒 x6
πŸ“ AWS EC2 Security Group allows unrestricted traffic to MySQL 🟒1🟒 x6
πŸ“ AWS EC2 Security Group allows unrestricted traffic to Oracle DBMS 🟒1🟒 x6
πŸ“ AWS EC2 Security Group allows unrestricted traffic to PostgreSQL 🟒1🟒 x6
πŸ“ AWS EFS File System encryption is not enabled 🟒1🟒 x6
πŸ“ AWS IAM Policy allows full administrative privileges 🟒1🟒 x6
πŸ“ AWS IAM Server Certificate is expired 🟒1🟒 x6
πŸ“ AWS IAM User has inline or directly attached policies 🟒1🟠 x1, 🟒 x5
πŸ“ AWS RDS Instance Encryption is not enabled 🟒1🟒 x6
πŸ“ AWS RDS Instance is publicly accessible and in an unrestricted public subnet 🟒1🟒 x6
πŸ“ AWS RDS Snapshot is publicly accessible 🟒1🟒 x6
πŸ“ AWS S3 Bucket is not configured to block public access 🟒1🟒 x6
πŸ“ AWS S3 Bucket Policy is not set to deny HTTP requests 🟒1🟒 x6
πŸ“ Azure App Service Authentication is disabled and Basic Authentication is enabled 🟒1🟒 x6
πŸ“ Azure App Service Basic Authentication is enabled 🟒🟒 x3
πŸ“ Azure App Service FTP deployments are not disabled 🟒1🟒 x6
πŸ“ Azure App Service HTTPS Only configuration is not enabled 🟒1🟒 x6
πŸ“ Azure Cosmos DB Account Private Endpoints are not used 🟒1🟒 x6
πŸ“ Azure Cosmos DB Account Virtual Network Filter is not enabled 🟒1🟒 x6
πŸ“ Azure Cosmos DB Entra ID Client Authentication is not used 🟒🟒 x3
πŸ“ Azure Diagnostic Setting Logs export to Storage Account not encrypted with Customer-managed key 🟒1🟒 x6
πŸ“ Azure MySQL Flexible Server require_secure_transport Parameter is not set to ON 🟒1🟒 x6
πŸ“ Azure Network Security Group allows unrestricted HTTP(S) access from the Internet 🟒1🟒 x6
πŸ“ Azure Network Security Group allows unrestricted RDP access from the Internet 🟒1🟒 x6
πŸ“ Azure Network Security Group allows unrestricted SSH access from the Internet 🟒1🟒 x6
πŸ“ Azure Network Security Group allows unrestricted UDP access from the Internet 🟒1🟒 x6
πŸ“ Azure PostgreSQL Flexible Server Firewall Rules allow access to Azure services 🟒1🟒 x6
πŸ“ Azure PostgreSQL Flexible Server require_secure_transport Parameter is not set to ON 🟒1🟒 x6
πŸ“ Azure PostgreSQL Single Server Enforce SSL Connection is not set enabled 🟒1🟒 x6
πŸ“ Azure PostgreSQL Single Server Infrastructure Double Encryption is not enabled 🟒1🟒 x6
πŸ“ Azure SQL Database allows ingress from 0.0.0.0/0 (ANY IP) 🟒1🟒 x6
πŸ“ Azure Storage Account Allow Blob Anonymous Access is set enabled 🟒1🟒 x6
πŸ“ Azure Storage Account Secure Transfer Required is not enabled 🟒1🟒 x6
πŸ“ Azure Storage Account Trusted Azure Services are not enabled as networking exceptions 🟒1🟒 x6
πŸ“ Azure Virtual Machine OS and Data disks are not encrypted with Customer-managed key 🟒1🟒 x6
πŸ“ Consumer Google Accounts are used 🟒🟒 x3
πŸ“ Unattached Azure Managed Disk is not encrypted with Customer-managed key 🟒1🟒 x6

Internal Rules​

RulePoliciesFlags
βœ‰οΈ dec-x-0bdcd2761
βœ‰οΈ dec-x-3e379c671
βœ‰οΈ dec-x-4c15a09f1
βœ‰οΈ dec-x-5c3c20671
βœ‰οΈ dec-x-6ba5ecd21
βœ‰οΈ dec-x-6eab9b881
βœ‰οΈ dec-x-6ed261671
βœ‰οΈ dec-x-9cdb74071
βœ‰οΈ dec-x-11c3009f1
βœ‰οΈ dec-x-12a853391
βœ‰οΈ dec-x-14bf01f31
βœ‰οΈ dec-x-14f5fc251
βœ‰οΈ dec-x-42a090841
βœ‰οΈ dec-x-46a83a301
βœ‰οΈ dec-x-75db76ad1
βœ‰οΈ dec-x-157aa4b91
βœ‰οΈ dec-x-0289e9c91
βœ‰οΈ dec-x-293ab45b1
βœ‰οΈ dec-x-599c86b41
βœ‰οΈ dec-x-966d31831
βœ‰οΈ dec-x-66358b451
βœ‰οΈ dec-x-083928f51
βœ‰οΈ dec-x-995424b72
βœ‰οΈ dec-x-637372481
βœ‰οΈ dec-x-ab7fc52e1
βœ‰οΈ dec-x-b4d3d9dc2
βœ‰οΈ dec-x-b33429051
βœ‰οΈ dec-x-bcae85fb2
βœ‰οΈ dec-x-c0a7793e1
βœ‰οΈ dec-x-ca1c0c0d1
βœ‰οΈ dec-x-ca52f63a2
βœ‰οΈ dec-x-d5fbfc401
βœ‰οΈ dec-x-d95ea48b1
βœ‰οΈ dec-x-e43fd12e1
βœ‰οΈ dec-x-ec547a7c1
βœ‰οΈ dec-x-f4cc003a1
βœ‰οΈ dec-x-f12d78aa1
βœ‰οΈ dec-x-f63fd4f01
βœ‰οΈ dec-x-f937c35f1
βœ‰οΈ dec-z-79f4ab881
βœ‰οΈ dec-z-c82c9f971
βœ‰οΈ dec-z-dbeeed9f1
βœ‰οΈ dec-z-f778950c1