PR.DS-02.229

Does your organization automatically encrypt or block outbound communications containing sensitive data based on data classification?

Explanation

This control ensures that sensitive information is protected when transmitted outside the organization by either encrypting it to maintain confidentiality or blocking its transmission entirely when appropriate. The system should be able to identify sensitive content based on established data classification policies and automatically apply the appropriate protection mechanism without requiring manual intervention. Evidence could include screenshots of DLP (Data Loss Prevention) system configurations, email gateway settings showing encryption/blocking rules, data classification policies tied to automated controls, and logs demonstrating the system in action when sensitive data is detected in outbound communications.

Implementation Example

Automatically encrypt or block outbound emails and other communications that contain sensitive data, depending on the data classification.

ID: PR.DS-02.229

Context

Function: PR: PROTECT
Category: PR.DS: Data Security
Sub-Category: The confidentiality, integrity, and availability of data-in-transit are protected
