PR.DS-01 - Protecting Data-at-Rest
PR.DS-01 focuses on securing data-at-rest—stored in files, databases, or devices—using encryption, digital signatures, and physical controls to protect confidentiality, integrity, and availability. This includes full disk encryption for endpoints and restricting removable media to prevent unauthorized access or exfiltration. It safeguards data when it’s not actively being used.
This subcategory ensures that stored data remains trustworthy and accessible only to authorized parties, reducing risks like theft or corruption. It aligns protection measures with the organization’s risk strategy, prioritizing sensitive data types. PR.DS-01 forms a critical layer of defense for persistent data assets.
