Eleos | Home

Data Protection

Segment Data Processing and Storage Based on Sensitivity

Level 2

Segment data processing and storage based on the sensitivity of the data. Do not process sensitive data on enterprise assets intended for lower sensitivity data.

Parent

Compliance Framework

CIS v8.0

Control Number

3.12

Related

Compliance Framework

CCM v4.0.10

Secure Controls Framework 2023.4

Control Number

DSP-10

DCH-02.1

SEA-03.1

Solutions
Community

Data Protection

Deploy a Data Loss Prevention Solution

Level 3

Implement an automated tool, such as a host-based Data Loss Prevention (DLP) tool to identify all sensitive data stored, processed, or transmitted through enterprise assets, including those located onsite or at a remote service provider, and update the enterprise's sensitive data inventory.

Parent

Compliance Framework

CIS v8.0

Control Number

3.13

Related

Compliance Framework

CCM v4.0.10

Secure Controls Framework 2023.4

Control Number

DSP-10

UEM-11

NET-17

Solutions
Community

Data Protection

Log Sensitive Data Access

Level 3

Log sensitive data access, including modification and disposal.

Parent

Compliance Framework

CIS v8.0

Control Number

3.14

Related

Compliance Framework

CCM v4.0.10

Secure Controls Framework 2023.4

Control Number

DSP-17

LOG-04

MON-01.15

MON-02

MON-02.1

MON-02.3

MON-03

MON-03.1

Solutions
Community

Data Protection

Establish and Maintain a Data Inventory

Level 1

Establish and maintain a data inventory, based on the enterprise’s data management process. Inventory sensitive data, at a minimum. Review and update inventory annually, at a minimum, with a priority on sensitive data.

Parent

Compliance Framework

CIS v8.0

Control Number

3.2

Related

Compliance Framework

CCM v4.0.10

Secure Controls Framework 2023.4

Control Number

DSP-03

DCH-06.2

DCH-06.3

Solutions
Community

Data Protection

Configure Data Access Control Lists

Level 1

Configure data access control lists based on a user’s need to know. Apply data access control lists, also known as access permissions, to local and remote file systems, databases, and applications.

Parent

Compliance Framework

CIS v8.0

Control Number

3.3

Related

Compliance Framework

CCM v4.0.10

Secure Controls Framework 2023.4

CMMC v2.11

CCM v4.0.10

ISO 27002:2022

NIST CSF v1.1

NIST 800-171 Rev 2

NIST 800-53 Rev 5

Control Number

IAM-12

DCH-01

DCH-03

DCH-03.1

DCH-13.1

DCH-14

DCH-14.2

DCH-14.3

IAC-08

NET-04

AC.L2-3.1.3

AC.L2-3.1.5

MP.L2-3.8.2

DSP-17

IAM-05

5.15

8.3

8.4

PR.AC-4

3.8.2

AC-5

AC-6

Solutions
Community

Data Protection

Enforce Data Retention

Level 1

Retain data according to the enterprise’s data management process. Data retention must include both minimum and maximum timelines.

Parent

Compliance Framework

CIS v8.0

Control Number

3.4

Related

Compliance Framework

CCM v4.0.10

Secure Controls Framework 2023.4

Control Number

DSP-16

DCH-18

Solutions
Community

Data Protection

Securely Dispose of Data

Level 1

Securely dispose of data as outlined in the enterprise’s data management process. Ensure the disposal process and method are commensurate with the data sensitivity.

Parent

Compliance Framework

CIS v8.0

Control Number

3.5

Related

Compliance Framework

CCM v4.0.10

Secure Controls Framework 2023.4

Control Number

DCS-01

DSP-02

DSP-16

AST-09

DCH-08

DCH-09

DCH-21

PRI-05

Solutions
Community

Data Protection

Establish and Maintain a Data Classification Scheme

Level 2

Establish and maintain an overall data classification scheme for the enterprise. Enterprises may use labels, such as “Sensitive,” “Confidential,” and “Public,” and classify their data according to those labels. Review and update the classification scheme annually, or when significant enterprise changes occur that could impact this Safeguard.

Parent

Compliance Framework

CIS v8.0

Control Number

3.7

Related

Compliance Framework

CCM v4.0.10

Secure Controls Framework 2023.4

Control Number

DSP-04

DCH-02

DCH-02.1

Solutions
Community

Data Protection

Document Data Flows

Level 2

Document data flows. Data flow documentation includes service provider data flows and should be based on the enterprise’s data management process. Review and update documentation annually, or when significant enterprise changes occur that could impact this Safeguard.

Parent

Compliance Framework

CIS v8.0

Control Number

3.8

Related

Compliance Framework

CCM v4.0.10

Secure Controls Framework 2023.4

CMMC v2.11

ISO 27002:2022

NIST CSF v1.1

NIST 800-53 Rev 5

Control Number

DSP-05

GRC-03

IVS-03

AST-04

AC.L2-3.1.3

CA.L2-3.12.4

SC.L2-3.13.6

5.14

DE.AE-1

ID.AM-3

AC-4

CM-12

Solutions
Community

Data Protection

Encrypt Data on Removable Media

Level 2

Encrypt data on removable media.

Parent

Compliance Framework

CIS v8.0

Control Number

3.9

Related

Compliance Framework

Secure Controls Framework 2023.4

Control Number

CRY-01

Solutions
Community

Filter

Data Protection

Create new POAM

Create new Exception

Assign to POAM

Assign to Exception

Data Protection

Create new POAM

Create new Exception

Assign to POAM

Assign to Exception

Data Protection

Create new POAM

Create new Exception

Assign to POAM

Assign to Exception

Data Protection

Create new POAM

Create new Exception

Assign to POAM

Assign to Exception

Data Protection

Create new POAM

Create new Exception

Assign to POAM

Assign to Exception

Data Protection

Create new POAM

Create new Exception

Assign to POAM

Assign to Exception

Data Protection

Create new POAM

Create new Exception

Assign to POAM

Assign to Exception

Data Protection

Create new POAM

Create new Exception

Assign to POAM

Assign to Exception

Data Protection

Create new POAM

Create new Exception

Assign to POAM

Assign to Exception

Data Protection

Create new POAM

Create new Exception

Assign to POAM

Assign to Exception

Organization Passcode

Only share this code with people you trust. Users will become a member of your organization and view your SSP and reports.