PR.DS-10.233

Does your organization implement controls to protect data in use from unauthorized access by other users and processes on the same platform?

Explanation

Data in use (actively being processed in memory) can be vulnerable to unauthorized access from other users or processes running on the same system. This question assesses whether you have implemented memory protection mechanisms, process isolation, access controls, and other safeguards to prevent data leakage while it's being processed. Evidence could include documentation of implemented memory protection mechanisms (like Data Execution Prevention or Address Space Layout Randomization), process isolation techniques, access control policies for runtime environments, and configuration settings for secure memory management. Screenshots of security settings, code snippets showing memory protection implementation, or system configuration documentation would also serve as appropriate evidence.
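One way to produce the configuration-settings evidence described above, as an added example that is not part of the original page. It assumes a Linux host and three kernel settings chosen here for illustration (ASLR, ptrace restriction, core dumps of privileged processes); the sample values are constructed.

```python
from pathlib import Path

# Assumed scope: Linux kernel settings that bear on data-in-use protection.
# key -> (values treated as acceptable here, what a passing value evidences)
CHECKS = {
    "kernel.randomize_va_space": ({"2"}, "full ASLR (stack, mmap and heap)"),
    "kernel.yama.ptrace_scope": ({"1", "2", "3"},
                                 "a process cannot attach to unrelated processes of the same user"),
    "fs.suid_dumpable": ({"0"},
                         "set-uid and privilege-changing processes are not core-dumped"),
}

def read_live(proc_sys="/proc/sys"):
    """Read current values from a Linux host; settings that are absent map to None."""
    values = {}
    for key in CHECKS:
        path = Path(proc_sys, *key.split("."))
        values[key] = path.read_text().strip() if path.is_file() else None
    return values

def evaluate(values):
    """Return one evidence row per setting: (key, observed, status, meaning)."""
    rows = []
    for key, (acceptable, meaning) in CHECKS.items():
        observed = values.get(key)
        if observed is None:
            status = "NOT_AVAILABLE"   # e.g. Yama not built into this kernel
        elif observed in acceptable:
            status = "PASS"
        else:
            status = "FAIL"
        rows.append((key, observed, status, meaning))
    return rows

# Constructed sample values, not taken from any real host.
SAMPLE = {
    "kernel.randomize_va_space": "2",
    "kernel.yama.ptrace_scope": "0",   # classic ptrace: same-user attach allowed
    "fs.suid_dumpable": "0",
}

if __name__ == "__main__":
    for key, observed, status, meaning in evaluate(SAMPLE):
        print(f"{status:13} {key} = {observed}  ({meaning})")
```

On a real host, pass `read_live()` to `evaluate()` and attach the rows to the questionnaire response.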

Implementation Example

Protect data in use from access by other users and processes of the same platform

ID: PR.DS-10.233

Context

Function: PR: PROTECT
Category: PR.DS: Data Security
Sub-Category: The confidentiality, integrity, and availability of data-in-use are protected
