PR.DS-01:

Implementation Examples

Ex1:

Use encryption, digital signatures, and cryptographic hashes to protect the confidentiality and integrity of stored data in files, databases, virtual machine disk images, container images, and other resources

Ex2:

Use full disk encryption to protect data stored on user endpoints

Ex3:

Confirm the integrity of software by validating signatures

Ex4:

Restrict the use of removable media to prevent data exfiltration

Ex5:

Physically secure removable media containing unencrypted sensitive information, such as within locked offices or file cabinets