Does your organization block access to personal email, file sharing, storage services, and other personal communication applications from corporate systems and networks?
Explanation
Allowing access to personal communication services from corporate networks creates data exfiltration paths and increases the risk of malware infection. Traffic to these services bypasses the corporate security controls, such as DLP, email filtering, and malware scanning, that protect organizational data. Examples include Gmail, Dropbox, personal OneDrive accounts, and messaging apps such as the WhatsApp web client. Note that several consumer services share hostnames with their sanctioned corporate editions (Gmail with Google Workspace, personal Microsoft accounts with Microsoft 365), so a plain domain block would also cut off approved use; for those services the vendors' tenant-restriction mechanisms allow the corporate tenant while blocking personal accounts.
Evidence could include screenshots of web filtering configurations showing the blocked categories, firewall or proxy rules blocking these services, tenant-restriction settings for sanctioned SaaS, and documentation of the technical controls that prevent access to personal communication services across the network. A sample of proxy logs showing blocked requests shows that the control is enforced, not merely configured.
Implementation Example
Block access to personal email, file sharing, file storage services, and other personal communications applications and services from organizational systems and networks
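As an added illustration of the decision logic such a control implements (this is not code from the original page, any framework, or any vendor's product), the following Python models a web-filter policy check. It blocks consumer services by hostname suffix, but for services whose consumer and corporate editions share hostnames it allows the request and attaches the vendor's tenant-restriction headers instead. The category lists are constructed; the header names are Google's and Microsoft's documented ones, while `example.com` and the directory ID are placeholder assumptions for the organization's own tenant.

```python
"""Policy check for personal email, storage and messaging destinations.

Added example, not part of the original page. Category lists are constructed;
tenant values are placeholders for the organization's own tenant.
"""
from typing import Dict, Iterable, Optional, Tuple

# Constructed list of consumer services with no sanctioned corporate edition
# on the same hostname, so an outright block is safe.
BLOCKED_SUFFIXES: Dict[str, str] = {
    "mail.yahoo.com": "personal-email",
    "outlook.live.com": "personal-email",
    "onedrive.live.com": "personal-storage",
    "dropbox.com": "personal-storage",
    "web.whatsapp.com": "personal-messaging",
}

# Microsoft tenant restrictions: headers injected on requests to the sign-in
# endpoints. "example.com" and the directory ID are assumed placeholders.
MS_TENANT_HEADERS: Dict[str, str] = {
    "Restrict-Access-To-Tenants": "example.com",
    "Restrict-Access-Context": "00000000-0000-0000-0000-000000000000",
}

# Services whose consumer and corporate editions share hostnames (Gmail vs
# Google Workspace, personal Microsoft accounts vs Microsoft 365). A plain
# domain block would also cut off the sanctioned tenant, so the proxy allows
# the request and adds the vendor's tenant-restriction headers.
TENANT_RESTRICTED: Dict[str, Dict[str, str]] = {
    "google.com": {"X-GoogApps-Allowed-Domains": "example.com"},
    "login.microsoftonline.com": MS_TENANT_HEADERS,
    "login.microsoft.com": MS_TENANT_HEADERS,
    "login.windows.net": MS_TENANT_HEADERS,
}


def _normalise(host: str) -> str:
    """Lower-case and strip a trailing dot so "Dropbox.COM." matches."""
    return host.strip().lower().rstrip(".")


def _suffix_match(host: str, suffix: str) -> bool:
    """Match on a label boundary only, so "notdropbox.com" and
    "dropbox.com.attacker.net" do not match "dropbox.com"."""
    return host == suffix or host.endswith("." + suffix)


def evaluate(host: str) -> Tuple[str, Optional[str], Dict[str, str]]:
    """Classify an outbound request by destination host.

    Returns (decision, category, extra_headers) where decision is "block",
    "allow+restrict" or "allow". The longest matching suffix wins, so a
    specific block entry takes precedence over a broader tenant rule.
    """
    host = _normalise(host)
    best: Tuple[int, str, Optional[str], Dict[str, str]] = (-1, "allow", None, {})
    for suffix, category in BLOCKED_SUFFIXES.items():
        if _suffix_match(host, suffix) and len(suffix) > best[0]:
            best = (len(suffix), "block", category, {})
    for suffix, headers in TENANT_RESTRICTED.items():
        if _suffix_match(host, suffix) and len(suffix) > best[0]:
            best = (len(suffix), "allow+restrict", "tenant-restricted", dict(headers))
    return best[1], best[2], best[3]


def summarise(hosts: Iterable[str]) -> Dict[str, int]:
    """Count decisions over observed destination hosts (e.g. from a proxy
    log) to produce the kind of enforcement evidence an assessor asks for."""
    counts: Dict[str, int] = {"block": 0, "allow+restrict": 0, "allow": 0}
    for host in hosts:
        counts[evaluate(host)[0]] += 1
    return counts


# Constructed sample of destination hosts, standing in for a proxy log.
SAMPLE_HOSTS = [
    "mail.yahoo.com",
    "www.dropbox.com",
    "notdropbox.com",
    "mail.google.com",
    "login.microsoftonline.com",
    "intranet.example.com",
    "web.whatsapp.com",
]

if __name__ == "__main__":
    for h in SAMPLE_HOSTS:
        print(h, evaluate(h))
    print(summarise(SAMPLE_HOSTS))
```

The point of the two tables is the caveat from the explanation: a category block alone is the wrong tool for Google and Microsoft, because the same hostnames serve the sanctioned corporate tenant. Whichever proxy or web filter is in use, the evidence an assessor wants is the equivalent of both tables plus log samples showing the block decisions actually firing.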
ID: PR.DS-02.230
Context
- Function
- PR: PROTECT
- Category
- PR.DS: Data Security
- Sub-Category
- The confidentiality, integrity, and availability of data-in-transit are protected
Related questions
- Does your organization implement cryptographic controls (encryption, digital signatures, hashing) to protect the confidentiality and integrity of stored data across all relevant storage systems?
- Is full disk encryption implemented on all user endpoints (laptops, desktops, mobile devices) that store company data?
- Does your organization validate digital signatures to verify the integrity and authenticity of software before installation or use?
- Does your organization have a policy and technical controls to restrict the use of removable media devices?
- Does your organization physically secure all removable media containing unencrypted sensitive information?
- Does your organization implement cryptographic controls to protect the confidentiality and integrity of network communications?

