Data Security (PR.DS)
Protecting data at rest, in flight, and while it is in use is not the easiest thing to do. Thankfully, however, there are built-in tools that will allow us to protect data at all stages.
PR.DS-01
Encryption is the name of the game for this control family. To ensure that we are adequately protecting our information, we must initially encrypt the drives that the data resides on. This is important for many different reasons, but the biggest one is to make sure that if a device were ever lost or stolen, the data could not be retrieved from the hard drive.
It is trivial to take information from an unencrypted hard drive. You can buy a device from any local IT or computer store that will allow you to hook up the drive, through USB, to another computer and read information from it. If the hard drive were encrypted, this would not be the case. In order to decrypt the drive, you...
