NIST CSF 2.0 · All Functions · PR Protect · PR.DS Data Security

PR.DS-01

The confidentiality, integrity, and availability of data-at-rest are protected

Implementation examples

Ex1: Use encryption, digital signatures, and cryptographic hashes to protect the confidentiality and integrity of stored data in files, databases, virtual machine disk images, container images, and other resources
Ex2: Use full disk encryption to protect data stored on user endpoints
Ex3: Confirm the integrity of software by validating signatures
Ex4: Restrict the use of removable media to prevent data exfiltration
Ex5: Physically secure removable media containing unencrypted sensitive information, such as within locked offices or file cabinets

Mapped NIST 800-53 r5 controls (14)

CA-03 CP-09 MP-08 SC-04 SC-07 SC-12 SC-13 SC-28 SC-32 SC-39 SC-43 SI-03 SI-04 SI-07

Mapped CWE weaknesses (6)

Hover any chip for the human-reviewed coverage assessment in each direction. ← = the CWE covers this subcategory; → = this subcategory covers the CWE. F / M / P = full, mostly, partial.

CWE-200←P →P CWE-284→P CWE-311←P →F CWE-327←P →P CWE-591→P CWE-798→P

All informative references (116)

BXAIOS: Chapter 4 - The Receipts (Evidence Packets)
CCMv4.0: BCR-08
CCMv4.0: CEK-03
CCMv4.0: CEK-04
CCMv4.0: CEK-18
CCMv4.0: CEK-19
CCMv4.0: DCS-04
CCMv4.0: DSP-17
CCMv4.0: HRS-04
CCMv4.0: LOG-02
CCMv4.0: LOG-09
CCMv4.0: UEM-05
CCMv4.0: UEM-08
CIS Controls v8.0: 3.11
CIS Controls v8.1: 3.11
CRI Profile v2.0: PR.DS-01
CRI Profile v2.0: PR.DS-01.01
CRI Profile v2.0: PR.DS-01.02
CRI Profile v2.0: PR.DS-01.03
CSF v1.1: PR.DS-1
CSF v1.1: PR.DS-5
CSF v1.1: PR.DS-6
CSF v1.1: PR.PT-2
Guardian-SDK: GS-TT-05
ISO/IEC 27001:2022: Mandatory Clause: 4.2(b)
ISO/IEC 27001:2022: Mandatory Clause: 5.2
ISO/IEC 27001:2022: Annex A Controls: 5.1
ISO/IEC 27001:2022: Annex A Controls: 5.3
ISO/IEC 27001:2022: Annex A Controls: 5.10
ISO/IEC 27001:2022: Annex A Controls: 5.13
ISO/IEC 27001:2022: Annex A Controls: 5.14
ISO/IEC 27001:2022: Annex A Controls: 5.15
ISO/IEC 27001:2022: Annex A Controls: 6.1
ISO/IEC 27001:2022: Annex A Controls: 6.2
ISO/IEC 27001:2022: Annex A Controls: 6.5
ISO/IEC 27001:2022: Annex A Controls: 7.7
ISO/IEC 27001:2022: Annex A Controls: 7.10
ISO/IEC 27001:2022: Annex A Controls: 8.2
ISO/IEC 27001:2022: Annex A Controls: 8.3
ISO/IEC 27001:2022: Annex A Controls: 8.4
ISO/IEC 27001:2022: Annex A Controls: 8.7
ISO/IEC 27001:2022: Annex A Controls: 8.8
ISO/IEC 27001:2022: Annex A Controls: 8.17
ISO/IEC 27001:2022: Annex A Controls: 8.19
ISO/IEC 27001:2022: Annex A Controls: 8.22
ISO/IEC 27001:2022: Annex A Controls: 8.26
NICE Framework: DD-WRL-003
NICE Framework: DD-WRL-004
NICE Framework: DD-WRL-007
NICE Framework: IO-WRL-002
NICE Framework: IO-WRL-005
NICE Framework: IO-WRL-006
NICE Framework: PD-WRL-001
OWASP Top 10 LLM Applications: LLM02-2025
OWASP Top 10 LLM Applications: LLM04-2025
OWASP Top 10 LLM Applications: LLM07-2025
OWASP Top 10 LLM Applications: LLM08-2025
PCI DSS: 3.5.1
PCI DSS: 3.6.1
PCI DSS: 3.6.1.1
PCI DSS: 3.6.1.2
PCI DSS: 3.6.1.3
PCI DSS: 3.6.1.4
PCI DSS: 3.5.1.3
PCI DSS: 3.3.1
PCI DSS: 9.4.7
PCI DSS: 9.4.6
SCF: DCH-01
SCF: CRY-01
SCF: CRY-01.1
SCF: CRY-05
SDOS: SDOS-IN-01
SDOS: SDOS-IN-02
SP 800-171 Rev 3: 03.08.09
SP 800-171 Rev 3: 03.12.05
SP 800-171 Rev 3: 03.13.01
SP 800-171 Rev 3: 03.13.04
SP 800-171 Rev 3: 03.13.06
SP 800-171 Rev 3: 03.13.08
SP 800-171 Rev 3: 03.13.10
SP 800-171 Rev 3: 03.13.11
SP 800-171 Rev 3: 03.14.02
SP 800-171 Rev 3: 03.14.06
SP 800-53 Rev 5.1.1: CA-03
SP 800-53 Rev 5.1.1: CP-09
SP 800-53 Rev 5.1.1: MP-08
SP 800-53 Rev 5.1.1: SC-04
SP 800-53 Rev 5.1.1: SC-07
SP 800-53 Rev 5.1.1: SC-12
SP 800-53 Rev 5.1.1: SC-13
SP 800-53 Rev 5.1.1: SC-28
SP 800-53 Rev 5.1.1: SC-32
SP 800-53 Rev 5.1.1: SC-39
SP 800-53 Rev 5.1.1: SC-43
SP 800-53 Rev 5.1.1: SI-03
SP 800-53 Rev 5.1.1: SI-04
SP 800-53 Rev 5.1.1: SI-07
SP 800-53 Rev 5.2.0: CA-03
SP 800-53 Rev 5.2.0: CP-09
SP 800-53 Rev 5.2.0: MP-08
SP 800-53 Rev 5.2.0: SC-04
SP 800-53 Rev 5.2.0: SC-07
SP 800-53 Rev 5.2.0: SC-12
SP 800-53 Rev 5.2.0: SC-13
SP 800-53 Rev 5.2.0: SC-28
SP 800-53 Rev 5.2.0: SC-32
SP 800-53 Rev 5.2.0: SC-39
SP 800-53 Rev 5.2.0: SC-43
SP 800-53 Rev 5.2.0: SI-03
SP 800-53 Rev 5.2.0: SI-04
SP 800-53 Rev 5.2.0: SI-07
SP 800-81r3: 3.8.2
SP 800-81r3: 3.8.6
SSDF: PS.1.1
SSDF: PS.2.1
SSDF: PS.3.1

Source: NIST Cybersecurity Framework 2.0 · CSF 2.0 → 800-53 mappings sourced from NIST Cybersecurity & Privacy Reference Tool (CPRT) · US government work — attribution requested per NIST Open License Terms. Direct CSF→CWE/CVE cross-references will be added in a Phase B LLM-authored mapping pass (not yet rendered).