DLP

Protect (PR)

Prevent unauthorized data exfiltration.

9 of 9 frameworks cover this control

Framework Mappings

How DLP maps to each of the 9 cybersecurity frameworks tracked by ControlMap.

Framework       Status    Control IDs
NIST CSF 2.0    Covered   PR.DS-10
ISO 27001       Covered   A.8.10, A.8.12
CIS v8          Covered   CIS 3.12
SOC 2           Covered   CC6.5, CC6.7
PCI DSS         Covered   3.4.1, 9.4.1
CMMC            Covered   MP.L2-3.8.3, SC.L2-3.13.16
800-53          Covered   AC-4, SC-7
HIPAA           Covered   §164.312(a)(1), §164.312(e)(1)
GDPR            Covered   Art.5(1)(f), Art.32(1)(b)

About DLP

DLP is a cybersecurity control in the Protect domain whose purpose is to prevent unauthorized data exfiltration. Data loss prevention (DLP) solutions monitor, detect, and block unauthorized transmission of sensitive data across networks, endpoints, and cloud services. DLP policies are typically configured to identify patterns such as credit card numbers, Social Security numbers, intellectual property markers, and classified information labels, then enforce actions like blocking, quarantining, or alerting on policy violations. Effective DLP programs require accurate data classification as a foundation, and should cover all egress channels, including email, web uploads, USB devices, cloud storage, and print operations.

This control is recognized by 9 of the 9 major frameworks: NIST CSF 2.0, ISO 27001, CIS v8, SOC 2, PCI DSS, CMMC, 800-53, HIPAA, GDPR. It has full coverage across all 9 frameworks.
