Virginia Tech® home

Endpoint Data Security Controls

Introduction

The use of data security controls ensures only those who are permitted access to a specific piece of data are able to access it. Data security control techniques include encryption, masking and erasure.

Encryption

See endpoint-encryption

FISMA Compliance

FISMA (The Federal Information Security Management Act) has a set of requirements to ensure your data is secure. The National Institute of Standards and Technology Special Publication 800-53 has a set of guidelines that ensure you are FISMA compliant. These include:

  • Create an Inventory of Information Systems
  • Select applicable security controls
  • Implement the security controls
  • Assess the security controls
  • Authorize the information systems
  • Monitor the security controls

PCI Compliance

The PCI Security Standards Council is an organization that sets security standards designed to ensure that all companies maintain a secure environment for the use of and transmission of credit card information. While the scope of PCI Compliance is large, the official PCI v4 compliance lists a few best practices designed to help every day use of credit card information

  • Review logged data frequently (information on how this can be done on Windows can be found here)
  • Ensure that all failures in security controls are detected an responded to promptly
  • Review changes that could introduce security risk
  • Perform risk assessment
  • Review external connections and third-party access (information on how to do this can be found here)

More information can be found here

Standards for High Risk Digital Data Protection v. 6

Virginia Tech has a list of standards used in the protection of high risk digital data. A full in-depth breakdown of these standards can be found here. Some of these standards utilize techniques explained in these documents, some of which include: