|
Manage data lifecycle
|
5
|
|
2.4.1
|
Data roles (i.e., owners, controllers, custodians, processors, users/subjects)
|
5
|
|
2.4.2
|
Data collection
|
5
|
|
2.4.3
|
Data location
|
5
|
|
2.4.4
|
Data maintenance
|
5
|
|
2.4.5
|
Data retention
|
5
|
|
2.4.6
|
Data remanence
|
5
|
|
2.4.7
|
Data destruction
|
5
|
|
2.5
|
Ensure appropriate asset retention (e.g., End-of-Life (EOL) End-of-Support (EOS))
|
5
|
|
2.6
|
Determine data security controls and compliance requirements
|
5
|
|
2.6.1
|
Data states (e.g., in use, in transit, at rest)
|
5
|
|
2.6.2
|
Scoping and tailoring
|
5
|
|
2.6.3
|
Standards selection
|
5
|
|
2.6.4
|
Data protection methods (e.g., Digital Rights Management (DRM), Data Loss Prevention (DLP), Cloud Access Security Broker (CASB))
|
5
|
|
Domain 3
|
Security Architecture and Engineering
|
|
|
3.1
|
Research, implement and manage engineering processes using secure design principles
|
1, 8, 9, 16
|
|
3.1.1
|
Threat Modeling
|
1
|
|
3.1.2
|
Least Privilege
|
16
|
|
3.1.3
|
Defense in Depth
|
1
|
|
3.1.4
|
Secure defaults
|
8
|
|
3.1.5
|
Fail securely
|
8
|
|
3.1.6
|
Separation of duties (SoD)
|
16
|
|
3.1.7
|
Keep it simple
|
8
|
|
3.1.8
|
Zero Trust
|
8
|
|
3.1.9
|
Privacy by design
|
8
|
|
3.1.10
|
Trust but verify
|
8
|
|
3.1.11
|
Shared responsibility
|
9
|
|
3.2
|
Understand the fundamental concepts of security models (e.g., Biba, Star Model, Bell-LaPadula)
|
8
|
|
3.3
|
Select controls based upon systems security requirements
|
8
|
|
3.4
|
Understand security capabilities of Information Systems (IS) (e.g., memory protection, Trusted Platform Module (TPM), encryption/decryption)
|
8
|
|
3.5
|
Assess and mitigate the vulnerabilities of security architectures, designs, and solution elements
|
9, 16,
СКАЧАТЬ
|
