Does your organization implement controls to protect data in use from unauthorized access by other users and processes on the same platform?
Explanation
Data in use (actively being processed in memory) can be vulnerable to unauthorized access from other users or processes running on the same system. This question assesses whether you have implemented memory protection mechanisms, process isolation, access controls, and other safeguards to prevent data from leaking while it is being processed.
Evidence could include documentation of implemented memory protection mechanisms (like Data Execution Prevention or Address Space Layout Randomization), process isolation techniques, access control policies for runtime environments, and configuration settings for secure memory management.
Screenshots of security settings, code snippets showing memory protection implementation, or system configuration documentation would also serve as appropriate evidence.
Implementation Example
Protect data in use from access by other users and processes of the same platform
ID: PR.DS-10.233
Context
- Function
  - PR: PROTECT
- Category
  - PR.DS: Data Security
- Sub-Category
  - The confidentiality, integrity, and availability of data-in-use are protected
Related questions
- Does your organization implement cryptographic controls (encryption, digital signatures, hashing) to protect the confidentiality and integrity of stored data across all relevant storage systems?
- Is full disk encryption implemented on all user endpoints (laptops, desktops, mobile devices) that store company data?
- Does your organization validate digital signatures to verify the integrity and authenticity of software before installation or use?
- Does your organization have a policy and technical controls to restrict the use of removable media devices?
- Does your organization physically secure all removable media containing unencrypted sensitive information?
- Does your organization implement cryptographic controls to protect the confidentiality and integrity of network communications?

