Eleos | Home

Create data flow documentation to identify what data is processed, stored or transmitted where. Review data flow documentation at defined intervals, at least annually, and after any change.

Parent

Compliance Framework

CCM v4.0.10

Control Number

DSP-05

Related

Compliance Framework

CIS v8.0

NIST 800-53 Rev 5

NIST CSF v1.1

Secure Controls Framework 2023.4

Control Number

3.8

AC-4

AC-4(1)

AC-4(2)

AC-4(3)

AC-4(5)

AC-4(6)

AC-4(7)

AC-4(8)

AC-4(10)

AC-4(12)

AC-16

AC-16(3)

AC-16(7)

AC-16(8)

AC-4(13)

AC-4(19)

SA-5

SA-17

SA-17(3)

SC-7

SC-7(24)

ID.AM-3

DE.AE-1

AST-04

Solutions
Community

Data Security and Privacy Lifecycle Management (DSP)

Data Ownership and Stewardship

Level N/A

Document ownership and stewardship of all relevant documented personal and sensitive data. Perform review at least annually.

Parent

Compliance Framework

CCM v4.0.10

Control Number

DSP-06

Related

Compliance Framework

CIS v8.0

NIST 800-53 Rev 5

Secure Controls Framework 2023.4

Control Number

3.1

PM-18

PM-19

PM-22

PT-2

PT-2(1)

PS-6

PS-6(2)

SI-12

SI-12(1)

DCH-01.1

Solutions
Community

Data Security and Privacy Lifecycle Management (DSP)

Data Protection by Design and Default

Level N/A

Develop systems, products, and business practices based upon a principle of security by design and industry best practices.

Parent

Compliance Framework

CCM v4.0.10

Control Number

DSP-07

Related

Compliance Framework

CIS v8.0

ISO 27002:2022

NIST 800-53 Rev 5

NIST CSF v1.1

Secure Controls Framework 2023.4

CIS v8.0

Control Number

16.1

5.8

PM-17

PM-24

PM-25

PT-2

PT-2(2)

SA-3

SA-4

SA-5

SA-8

SA-8(9)

SA-8(13)

SA-8(18)

SA-8(20)

SA-8(22)

SA-8(23)

SA-8(33)

SA-15

SA-15(12)

SC-3

SC-3(3)

SC-7

SC-7(24)

SC-8

SC-8(1)

SC-8(2)

SC-8(3)

SC-8(4)

SC-28

SC-28(1)

SI-12

SI-12(1)

SI-12(2)

SI-12(3)

PR.IP-2

PR.PT-3

PR.AC-4

SEA-01

12.2

Solutions
Community

Data Security and Privacy Lifecycle Management (DSP)

Data Privacy by Design and Default

Level N/A

Develop systems, products, and business practices based upon a principle of privacy by design and industry best practices. Ensure that systems' privacy settings are configured by default, according to all applicable laws and regulations.

Parent

Compliance Framework

CCM v4.0.10

Control Number

DSP-08

Related

Compliance Framework

NIST 800-53 Rev 5

Secure Controls Framework 2023.4

Control Number

PM-22

PM-24

PT-1

PT-2

PT-2(1)

PT-5

PT-5(1)

PT-5(2)

PT-6

PT-8

SA-11

SA-11(3)

SI-18

SI-18(3)

SA-19

SI-19(1)

SI-19(5)

SI-19(6)

SI-19(8)

SEA-01

Solutions
Community

Data Security and Privacy Lifecycle Management (DSP)

Data Protection Impact Assessment

Level N/A

Conduct a Data Protection Impact Assessment (DPIA) to evaluate the origin, nature, particularity and severity of the risks upon the processing of personal data, according to any applicable laws, regulations and industry best practices.

Parent

Compliance Framework

CCM v4.0.10

Control Number

DSP-09

Related

Compliance Framework

NIST 800-53 Rev 5

Secure Controls Framework 2023.4

Control Number

CM-4

CM-4(1)

CM-4(2)

PT-3

RA-8

SA-4

SA-9

SA-9(1)

RSK-10

Solutions
Community

Data Security and Privacy Lifecycle Management (DSP)

Sensitive Data Transfer

Level N/A

Define, implement and evaluate processes, procedures and technical measures that ensure any transfer of personal or sensitive data is protected from unauthorized access and only processed within scope as permitted by the respective laws and regulations.

Parent

Compliance Framework

CCM v4.0.10

Control Number

DSP-10

Related

Compliance Framework

CIS v8.0

NIST 800-53 Rev 5

NIST CSF v1.1

Secure Controls Framework 2023.4

CIS v8.0

Control Number

3.1

3.12

3.13

AC-4

AC-4(23)

AC-4(24)

AC-4(25)

CA-3

CA-3(6)

CA-6

CA-6(1)

CA-6(2)

SC-4

SC-4(2)

SC-7

SC-7(10)

SC-7(24)

SC-8

SC-8(1)

SC-8(2)

SC-8(3)

SC-8(4)

SC-8(5)

SC-16

SC-16(1)

SC-16(2)

SC-16(3)

PR.DS-2

PR.DS-5

PR.PT-4

CRY-01

CRY-03

DCH-01

DCH-03

DCH-14

DCH-14.2

DCH-17

3.1

Solutions
Community

Data Security and Privacy Lifecycle Management (DSP)

Personal Data Access, Reversal, Rectification and Deletion

Level N/A

Define and implement, processes, procedures and technical measures to enable data subjects to request access to, modification, or deletion of their personal data, according to any applicable laws and regulations.

Parent

Compliance Framework

CCM v4.0.10

Control Number

DSP-11

Related

Compliance Framework

NIST 800-53 Rev 5