Protect
Safeguards to mitigate cybersecurity risk
The Protect function focuses on developing and implementing safeguards necessary to mitigate or contain a cyber risk.
| Control | Description | Key Measure | Status | Maturity |
|---|
| PR.AC-1 | Identities and credentials managed | Yes | Partial | L2 |
| PR.AC-2 | Physical access managed | No | Partial | L1 |
| PR.AC-3 | Remote access managed | Yes | Partial | L2 |
| PR.AC-4 | Access permissions managed | Yes | Partial | L2 |
| PR.AC-5 | Network integrity protected | Yes | Implemented | L2 |
| Control | Description | Key Measure | Status | Maturity |
|---|
| PR.AT-1 | Users informed and trained | Yes | Planned | L1 |
| Control | Description | Key Measure | Status | Maturity |
|---|
| PR.DS-1 | Data-at-rest protected | No | Implemented | L2 |
| PR.DS-2 | Data-in-transit protected | No | Implemented | L2 |
| PR.DS-3 | Asset disposal managed | No | Partial | L1 |
| PR.DS-7 | Dev/test separate from production | No | Implemented | L2 |
| Control | Description | Key Measure | Status | Maturity |
|---|
| PR.IP-4 | Backups conducted and tested | Yes | Implemented | L2 |
| PR.IP-11 | HR cybersecurity practices | No | Planned | L1 |
| Control | Description | Key Measure | Status | Maturity |
|---|
| PR.MA-1 | Maintenance performed and logged | Yes | Partial | L2 |
| Control | Description | Key Measure | Status | Maturity |
|---|
| PR.PT-1 | Audit/log records managed | Yes | Partial | L2 |
| PR.PT-4 | Communications networks protected | No | Partial | L2 |