3.13: Deploy a Data Loss Prevention Solution
Implement an automated tool, such as a host-based Data Loss Prevention (DLP) tool to identify all sensitive data stored, processed, or transmitted through enterprise assets, including those located onsite or at a remote service provider, and update the enterprise’s sensitive data inventory.
Asset Type | Security Function | Implementation Groups
---|---|---
Data | Protect | 3
Dependencies
Safeguard 2.1: Establish and Maintain a Software Inventory
Safeguard 3.2: Establish and Maintain a Data Inventory
Inputs
- GV18: Enterprise assets storing, processing, or transmitting sensitive data
- GV5: Authorized Software inventory
- GV3: Configuration Standards
Operations
1. Use GV5 to identify and enumerate all data loss prevention software
2. Compare GV18 and the output of Operation 1
   1. Identify and enumerate each asset in GV18 with data loss prevention software installed (M2)
   2. Identify and enumerate each asset in GV18 without data loss prevention software installed (M3)
3. For assets with data loss prevention installed from Operation 2.1, check GV3 for configuration information
   1. Identify and enumerate assets with properly configured data loss prevention software (M4)
   2. Identify and enumerate assets with improperly configured data loss prevention software (M5)
Measures
M1 = Count of GV18
M2 = Count of assets with data loss prevention software
M3 = Count of assets without data loss prevention software
M4 = Count of assets with properly configured data loss prevention software
M5 = Count of assets with improperly configured data loss prevention software
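
The following Python sketch walks Operations 1 through 3 over inventory data and returns M1 through M5. It is an added example, not part of the CIS specification; the asset names, the product name `ExampleDLP Agent`, the record fields and the rule that unverifiable configuration counts as improper are all assumptions.

```python
# Constructed sample data; field names ("category", "software", "settings") are assumptions.
GV5 = [{"name": "ExampleDLP Agent", "category": "dlp"},
       {"name": "ExampleBrowser", "category": "browser"}]
GV3 = {"ExampleDLP Agent": {"policy_enforced": True, "block_removable_media": True}}
GV18 = {
    "fs-01": {"software": {"ExampleDLP Agent", "ExampleBrowser"},
              "settings": {"ExampleDLP Agent": {"policy_enforced": True,
                                                "block_removable_media": True}}},
    "db-02": {"software": {"ExampleDLP Agent"},
              "settings": {"ExampleDLP Agent": {"policy_enforced": True,
                                                "block_removable_media": False}}},
    "hr-laptop-03": {"software": {"ExampleBrowser"}, "settings": {}},
    # Remote asset that reports the agent but returns no configuration data.
    "hosted-app-04": {"software": {"ExampleDLP Agent"}, "settings": {}},
}


def dlp_products(gv5):
    """Operation 1: enumerate DLP software in the authorized software inventory."""
    return {item["name"] for item in gv5 if item["category"] == "dlp"}


def meets_standard(observed, standard):
    """True only when a standard exists and every required setting matches."""
    return bool(standard) and all(observed.get(k) == v for k, v in standard.items())


def assess(gv18, gv5, gv3):
    products = dlp_products(gv5)
    with_dlp, without_dlp, proper, improper = [], [], [], []
    for asset, info in sorted(gv18.items()):
        installed = info["software"] & products          # Operation 2
        if not installed:
            without_dlp.append(asset)                    # Operation 2.2 -> M3
            continue
        with_dlp.append(asset)                           # Operation 2.1 -> M2
        # Operation 3. Assumption: missing settings or a missing GV3 standard
        # counts as improperly configured, since compliance cannot be shown.
        ok = all(meets_standard(info["settings"].get(p, {}), gv3.get(p))
                 for p in installed)
        (proper if ok else improper).append(asset)       # M4 / M5
    return {"M1": len(gv18), "M2": len(with_dlp), "M3": len(without_dlp),
            "M4": len(proper), "M5": len(improper),
            "without_dlp": without_dlp, "improper": improper}


if __name__ == "__main__":
    print(assess(GV18, GV5, GV3))
```

The `without_dlp` and `improper` lists are the enumerations Operations 2.2 and 3.2 ask for, so they double as the remediation worklist behind the counts.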