Data Protection
Protect data at rest, in transit, and in use.
9 of 9 frameworks cover this control
Framework Mappings
How Data Protection maps to each of the 9 cybersecurity frameworks tracked by ControlMap.
| Framework | Status | Control IDs |
|---|---|---|
| NIST CSF 2.0 | Covered | PR.DS-01 PR.DS-02 PR.DS-10 |
| ISO 27001 | Covered | A.5.14 A.8.10 A.8.12 |
| CIS v8 | Covered | CIS 3.1 CIS 3.10 CIS 3.12 |
| SOC 2 | Covered | CC6.1 CC6.5 CC6.7 |
| PCI DSS | Covered | 3.4.1 3.5.1 4.2.1 |
| CMMC | Covered | MP.L2-3.8.1 SC.L2-3.13.16 |
| 800-53 | Covered | MP-2 MP-4 SC-8 SC-28 |
| HIPAA | Covered | §164.312(a)(2)(iv) §164.312(c)(1) §164.312(e)(1) |
| GDPR | Covered | Art.5(1)(f) Art.32(1) |
About Data Protection
Data Protection is a cybersecurity control in the Protect domain. Protect data at rest, in transit, and in use. Data protection encompasses the policies, technologies, and procedures used to safeguard information throughout its lifecycle, including creation, storage, transmission, and destruction. Beyond encryption, this includes data masking, tokenization, secure deletion practices, and controls to prevent unauthorized copying or movement of sensitive information. Organizations must address data protection across all environments including on-premises systems, cloud storage, endpoints, and removable media to maintain compliance with regulations like GDPR, CCPA, and PCI DSS.
This control is recognized by 9 of the 9 major frameworks: NIST CSF 2.0, ISO 27001, CIS v8, SOC 2, PCI DSS, CMMC, 800-53, HIPAA, GDPR. It has full coverage across all 9 frameworks.