NIST SPECIAL PUBLICATION 1800-28
CHALLENGE
An organization must protect its information from unauthorized access and disclosure. Data breaches large and small can have far-reaching operational, financial, and reputational impacts on an organization. In the event of a data breach, data confidentiality can be compromised via unauthorized exfiltration, leaking, or spills of data to unauthorized parties, including the general public.
It is essential for an organization to identify and protect assets to prevent breaches. And in the event a data breach occurs, it is essential that an organization be able to detect the ongoing breach themselves, as well as begin to execute a response and recovery plan that leverages security technology and controls.
BENEFITS
The National Cybersecurity Center of Excellence (NCCoE) at the National Institute of Standards and Technology (NIST) developed this guide to help organizations implement strategies to prevent data confidentiality attacks. This NIST NCCoE Cybersecurity Practice Guide demonstrates how organizations can develop and implement appropriate actions to identify and protect data against a confidentiality cybersecurity event. It includes numerous technology and security recommendations to improve your corganization’s cybersecurity posture.
APPROACH
This is part of a series of projects that seek to provide guidance to improve an organization’s data security in the context of the CIA triad. The CIA triad represents the three pillars of information security: onfidentiality, integrity, and availability. This practice guide focuses on data confidentiality: the property that data has not been disclosed in an unauthorized fashion. Data confidentiality concerns data in storage, during processing, and while in transit. (Note: These definitions are from NIST Special Publication (SP) 800-12 Rev 1, An Introduction to Information Security.)
This guide applies data confidentiality principles through the lens of the NIST Cybersecurity Framework version 1.1. Specifically, this practice guide focuses on the Cybersecurity Framework Functions of Identify and Protect to provide guidance on how to prevent data confidentiality attacks. It informs organizations of how to identify and protect assets, including data, against a data confidentiality attack, and in turn understand how to manage data confidentiality risks and implement the appropriate safeguards. A complementary project and accompanying practice guide (SP1800-29) addresses data confidentiality through the lens of detecting, responding, and recovering from a data confidentiality attack.
The NCCoE developed and implemented an example solution that incorporates multiple systems working in concert to identify and protect assets and data against data confidentiality cybersecurity events. This document highlights both the security and privacy characteristics of the example solution by considering common data security use cases an organization might seek to address and by enumerating problematic data actions that might impact privacy.
While the NCCoE used a suite of commercial products to address this challenge, this guide does not endorse these particular products, nor does it guarantee compliance with any regulatory initiatives. Your organization’s information security experts should identify the products that will best integrate with your existing tools and IT system infrastructure. Your organization can adopt this solution or one that adheres to these guidelines in whole, or you can use this guide as a starting point for tailoring and
implementing parts of a solution.
