graphgrc

SOC2 - CC6.7

The entity restricts the transmission, movement, and removal of information to authorized internal and external users and processes, and protects it during transmission, movement, or removal to meet the entity’s objectives

Restricts the Ability to Perform Transmission

Data loss prevention processes and technologies are used to restrict ability to authorize and execute transmission, movement and removal of information

Uses Encryption Technologies or Secure Communication Channels to Protect Data

Encryption technologies or secured communication channels are used to protect transmission of data and other communications beyond connectivity access points

Protects Removal Media

Encryption technologies and physical asset protections are used for removable media (such as USB drives and back-up tapes), as appropriate

Protects Mobile Devices

Processes are in place to protect mobile devices (such as laptops, smart phones and tablets) that serve as information assets.

Mapped SCF controls

• CFG-04.2 - Unsupported Internet Browsers & Email Clients
• CRY-03 - Transmission Confidentiality
• CRY-05 - Encrypting Data At Rest
• DCH-01 - Data Protection
• DCH-10 - Media Use
• DCH-12 - Removable Media Security
• DCH-13 - Use of External Information Systems
• DCH-13.2 - Portable Storage Devices
• DCH-14 - Information Sharing
• DCH-17 - Ad-Hoc Transfers
• MDM-01 - Centralized Management Of Mobile Devices
• MDM-03 - Full Device & Container-Based Encryption
• NET-13 - Electronic Messaging

This site is open source. Improve this page.