CIS Controls v8

CIS 3 Data Protection

Starts in IG1 | Protect data with classification, handling, and lifecycle controls.

Implementation Actions

Classify sensitive data.
Apply encryption and access controls.
Enforce retention and disposal standards.

Evidence Examples

Data classification matrix
Encryption configuration
Retention/disposal records

Suggested Metrics

Sensitive data encryption coverage
Data handling violations

Navigation

Back to All 18 CIS Controls NIST CSF 2.0 Guidance FedRAMP Guidance Cybersecurity Glossary