
Data security compliance with ISO/IEC 27001:2022

How Thales solutions help with the ISO/IEC 27001 information security, cybersecurity, and privacy protection standard

ISO/IEC 27001:2022

ISO (International Organization for Standardization) is an independent, non-governmental international organization with a membership of 170 national standards bodies. ISO/IEC 27001 is jointly published by ISO and the International Electrotechnical Commission (IEC) and is the world's best-known standard for information security management systems (ISMS).

The ISO/IEC 27001 standard gives organizations of every kind requirements and guidance for establishing, implementing, maintaining, and continually improving an information security management system. ISO standards are agreed internationally by subject-matter experts and are widely recognized around the world. ISO/IEC 27001 certification is available to organizations in every economic sector (services and manufacturing as well as the primary sector; private, public, and non-profit organizations alike).

Thales helps organizations comply with ISO/IEC 27001:2022 by addressing essential requirements listed in Annex A for Information Security Controls.


Regulation Overview

First published in 2005, ISO/IEC 27001 was revised on September 25, 2013, as ISO/IEC 27001:2013, and again on October 25, 2022, as ISO/IEC 27001:2022. Each revision reflects changes in technology and in the information security landscape. The biggest change in the 2022 edition is to Annex A.

Annex A of ISO/IEC 27001 lists a reference set of information security controls, grouped by theme, that organizations use to show they have treated their risks as required by clause 6.1.3 (Information security risk treatment). Compared with ISO/IEC 27002:2013, 57 controls were merged into 24, 58 controls were revised, and 11 new controls were added (among them information deletion, data masking, data leakage prevention, information security for use of cloud services, and ICT readiness for business continuity) to align the control set with the current cyber security and information security environment.

 

Annex A Control Categories

ISO/IEC 27001:2013: 114 controls in 14 sections

ISO/IEC 27001:2022: 93 controls in 4 sections

  • Organizational – 37 controls
  • People – 8 controls
  • Physical – 14 controls
  • Technological – 34 controls

 

ISO/IEC 27001 is an international standard, not a law, so there are no penalties for non-compliance as such. However, ISO/IEC 27001:2022 certification can provide a layer of defense against fines under regulations such as GDPR in the event of a data breach, because it documents an organization's good-faith effort to implement information security best practices.

Thales helps organizations comply with ISO/IEC 27001:2022 by addressing essential requirements listed in Annex A (Information Security Controls) across five domains, mapped below.

 

ISO/IEC 27001:2022 requirements (Annex A controls) and the corresponding Thales solutions

Classification of Information

 

Annex A control: 5.12 Classification of information

CipherTrust Data Discovery and Classification identifies structured and unstructured sensitive data on-premises and in the cloud. Built-in templates enable rapid identification of regulated data, highlight security risks, and help uncover compliance gaps.

Data Security

 

Annex A controls:

  • 5.3 Segregation of duties
  • 5.33 Protection of records
  • 5.34 Privacy and protection of PII
  • 8.7 Protection against malware
  • 8.10 Information deletion
  • 8.11 Data masking
  • 8.12 Data leakage prevention
  • 8.24 Use of cryptography

CipherTrust Data Security Platform is an integrated suite of data-centric security products that unifies data discovery, protection, and control in one platform. It provides several capabilities for protecting data at rest in files, volumes, and databases, among them:

  • CipherTrust Transparent Encryption delivers data-at-rest encryption with centralized key management and privileged-user access control across multiple clouds and within big data and container environments.
  • CipherTrust Tokenization with dynamic data masking pseudonymizes sensitive information in databases while preserving the ability to analyze aggregate data, so that real values are not exposed during analysis or in reports.
  • CipherTrust Enterprise Key Management streamlines and strengthens key management in cloud and enterprise environments over a diverse set of use cases. Because encrypted information is unreadable without its key, it can be effectively deleted (crypto-shredded) by destroying the encryption key, which supports control 8.10.
  • CipherTrust Transparent Encryption Ransomware Protection (CTE-RWP) continuously monitors processes for abnormal I/O activity and alerts on or blocks malicious activity before ransomware can take hold of endpoints and servers.
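The "delete by destroying the key" point above (control 8.10) is easiest to see in code. The following is an added example, not Thales product code: a stand-in key manager issues one data-encryption key per data owner, the datastore holds only ciphertext, and an erasure request is fulfilled by destroying that owner's key. The cipher is an HMAC-SHA256 keystream with encrypt-then-MAC so that the example runs on the Python standard library alone; a production deployment would use AES-GCM with keys held in an HSM or key manager. All names, the two sample records, and the key-manager behaviour are constructed for the example.

```python
"""Information deletion by key destruction (crypto-shredding).

Added example, not Thales product code. One data-encryption key (DEK) per
owner; the datastore never sees plaintext. Destroying an owner's DEK makes
every copy of that owner's ciphertext (including backups) unrecoverable.
The HMAC-based stream cipher here stands in for AES-GCM so the file runs on
the standard library only.
"""
import hashlib
import hmac
import os

NONCE_LEN = 16
TAG_LEN = 32


class KeyDestroyed(Exception):
    """Raised when the DEK for an owner has been shredded."""


def _subkey(dek: bytes, label: bytes) -> bytes:
    # Derive distinct encryption and MAC keys from one DEK.
    return hmac.new(dek, label, hashlib.sha256).digest()


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    blocks, counter = [], 0
    while len(blocks) * 32 < length:
        blocks.append(hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest())
        counter += 1
    return b"".join(blocks)[:length]


def encrypt(dek: bytes, plaintext: bytes) -> bytes:
    nonce = os.urandom(NONCE_LEN)
    ks = _keystream(_subkey(dek, b"enc"), nonce, len(plaintext))
    ct = bytes(p ^ k for p, k in zip(plaintext, ks))
    tag = hmac.new(_subkey(dek, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def decrypt(dek: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(_subkey(dek, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("ciphertext failed authentication")
    ks = _keystream(_subkey(dek, b"enc"), nonce, len(ct))
    return bytes(c ^ k for c, k in zip(ct, ks))


class KeyManager:
    """Stand-in for an HSM / key manager (constructed). A destroyed key id is never reissued."""

    def __init__(self) -> None:
        self._keys: dict[str, bytes] = {}
        self._destroyed: set[str] = set()

    def get_or_create(self, owner: str) -> bytes:
        if owner in self._destroyed:
            raise KeyDestroyed(owner)
        return self._keys.setdefault(owner, os.urandom(32))

    def fetch(self, owner: str) -> bytes:
        if owner not in self._keys:
            raise KeyDestroyed(owner)
        return self._keys[owner]

    def destroy(self, owner: str) -> None:
        # The deletion event: drop the key and remember that it is gone for good.
        self._keys.pop(owner, None)
        self._destroyed.add(owner)


class RecordStore:
    """Datastore that only ever holds the owner id and ciphertext."""

    def __init__(self, km: KeyManager) -> None:
        self._km = km
        self._rows: dict[str, tuple[str, bytes]] = {}

    def put(self, owner: str, record_id: str, data: bytes) -> None:
        self._rows[record_id] = (owner, encrypt(self._km.get_or_create(owner), data))

    def get(self, record_id: str) -> bytes:
        owner, blob = self._rows[record_id]
        return decrypt(self._km.fetch(owner), blob)

    def has_ciphertext(self, record_id: str) -> bool:
        # The bytes are still present (think backups and snapshots); only the key is gone.
        return record_id in self._rows


def demo() -> dict:
    """Constructed walk-through: two owners, one erasure request."""
    km = KeyManager()
    store = RecordStore(km)
    store.put("alice", "r1", b"alice@example.com, DOB 1980-01-01")  # constructed PII
    store.put("bob", "r2", b"bob@example.com, DOB 1975-06-30")
    km.destroy("alice")  # erasure request for alice: shred her DEK
    try:
        store.get("r1")
        alice_readable = True
    except KeyDestroyed:
        alice_readable = False
    return {
        "alice_ciphertext_present": store.has_ciphertext("r1"),
        "alice_readable": alice_readable,
        "bob_readable": store.get("r2") == b"bob@example.com, DOB 1975-06-30",
    }
```

The property worth noting is the granularity: one key per owner (or per tenant, dataset, or retention class) lets a single key-destruction event delete exactly that data wherever copies exist, without touching other owners' records. The key manager must refuse to reissue a destroyed key id, otherwise a later write could silently resurrect the identifier, and the destruction itself should be logged as the auditable deletion record.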

Thales Luna Hardware Security Modules (HSMs) protect cryptographic keys in a FIPS 140-2 Level 3 validated, tamper-resistant environment for secure cryptographic processing: key generation and protection, encryption, signing, and more. Luna HSMs are available on-premises, in the cloud as a service, and across hybrid environments.

Thales High Speed Encryptors (HSEs) provide network-independent data-in-motion encryption at layers 2, 3, and 4, keeping data protected as it moves from site to site or between on-premises infrastructure and the cloud.
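Tokenization with dynamic data masking (control 8.11, described in the CipherTrust Tokenization bullet above) is also clearer as code. This is an added example, not Thales product code: a token vault replaces each card number with a random, format-preserving token that is stable for a given input, so spend-per-customer analytics runs on tokens and never sees a real PAN; a per-role masking policy then decides how much of the real value a requesting user is shown. The vault design, role names, masking rules, and the sample transactions (standard test card numbers) are all constructed for the example.

```python
"""Tokenization with dynamic data masking (Annex A 8.11).

Added example, not Thales product code. The mapping from real value to token
exists only inside the vault; the analytics path works on tokens, and the
masking policy is applied per role at the moment a value is revealed.
"""
import secrets
from collections import Counter


class TokenVault:
    """Maps sensitive values to random tokens; the mapping lives only here (constructed)."""

    def __init__(self) -> None:
        self._to_token: dict[str, str] = {}
        self._to_value: dict[str, str] = {}

    def tokenize(self, value: str) -> str:
        if value in self._to_token:  # deterministic: same input, same token, so joins still work
            return self._to_token[value]
        while True:
            # Format preserving: keep separators, replace every digit with a random digit.
            token = "".join(secrets.choice("0123456789") if c.isdigit() else c for c in value)
            if token != value and token not in self._to_value:
                break
        self._to_token[value] = token
        self._to_value[token] = value
        return token

    def detokenize(self, token: str) -> str:
        return self._to_value[token]


def _mask_all_but_last4(value: str) -> str:
    digits_seen, out = 0, []
    for c in reversed(value):
        if c.isdigit():
            digits_seen += 1
            out.append(c if digits_seen <= 4 else "*")
        else:
            out.append(c)
    return "".join(reversed(out))


# Masking policy per role (constructed for the example): who sees how much of the real value.
MASK_POLICY = {
    "fraud_investigator": lambda v: v,                                 # full cleartext
    "customer_support": _mask_all_but_last4,                           # enough to confirm a card
    "dba": lambda v: "".join("*" if c.isdigit() else c for c in v),    # format only, no digits
}


def reveal(vault: TokenVault, token: str, role: str) -> str:
    """Detokenize and apply the role's masking rule; a role without a policy gets nothing."""
    try:
        policy = MASK_POLICY[role]
    except KeyError:
        raise PermissionError(f"role {role!r} has no masking policy") from None
    return policy(vault.detokenize(token))


def tokenize_ledger(vault: TokenVault, transactions: list[tuple[str, float]]) -> list[tuple[str, float]]:
    """Tokenize on ingest: this is the only place the real PAN is handled."""
    return [(vault.tokenize(pan), amount) for pan, amount in transactions]


def spend_by_token(ledger: list[tuple[str, float]]) -> Counter:
    """Aggregate analytics over tokens; no detokenization needed."""
    totals: Counter = Counter()
    for token, amount in ledger:
        totals[token] += amount
    return totals


# Constructed sample input: industry test card numbers, not real accounts.
SAMPLE_TRANSACTIONS = [
    ("4111-1111-1111-1111", 20.0),
    ("5500-0000-0000-0004", 5.5),
    ("4111-1111-1111-1111", 30.0),
]
```

Two details carry the security argument. The token is stable per value, which is what makes counts, sums, and joins on the tokenized column correct, but it is random rather than a hash of the PAN, so an attacker who obtains the tokenized table cannot brute-force the 16-digit space offline to recover values. Everything sensitive therefore collapses into protecting the vault (or, in a vaultless design, the tokenization key), which is why that component belongs behind the same controls as any other cryptographic key.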

Access Control & Authentication

 

Annex A controls:

  • 5.15 Access control
  • 5.17 Authentication information
  • 5.18 Access rights
  • 6.7 Remote working
  • 8.3 Information access restriction
  • 8.4 Access to source code
  • 8.5 Secure authentication

Thales OneWelcome identity and access management solutions limit the access of internal and external users based on their roles and context. Strong multi-factor authentication (MFA), granular access policies, and fine-grained authorization policies together help ensure that the right user is granted access to the right resource at the right time.

  • SafeNet Trusted Access is a cloud-based access management solution that provides commercial, off-the-shelf multi-factor authentication.
  • Thales converged badge solutions simplify the management of physical and logical access by consolidating all corporate security applications on a single user badge.
  • The broad list of supported authentication methods enables organizations to protect all their users and sensitive digital resources with strong multi-factor authentication.

The Thales OneWelcome Consent & Preference Management module enables organizations to gather and record the consent of end consumers. A financial institution, for example, gains clear visibility of which data has been consented to and can restrict its own access to the data it is allowed to use.

CipherTrust Transparent Encryption encrypts sensitive data, enforces granular privileged-user access policies, and provides separation of roles, so that system administrators who manage a host are not thereby able to read the data it stores.

Cloud Security

 

Annex A controls:

  • 5.23 Information security for use of cloud services
  • 5.30 ICT readiness for business continuity

CipherTrust Cloud Key Manager reduces third-party cloud security risk by keeping the keys that protect sensitive data hosted by cloud providers on-premises, under the organization's full control, using the providers' bring-your-own-key (BYOK) mechanisms.

CipherTrust Transparent Encryption provides separation of administrative roles: unless access is explicitly authorized by policy, sensitive data stored in a third-party cloud is not exposed in cleartext to unauthorized users, including the provider's own administrators.

Thales Data Security solutions offer a comprehensive range of data protection services, such as Thales Data Protection on Demand (DPoD), which provides built-in high availability and backup for its cloud-based Luna Cloud HSM and CipherTrust Key Management services.

Application Security

 

Annex A controls:

  • 8.25 Secure development life cycle
  • 8.26 Application security requirements

CipherTrust Platform Community Edition makes it easy for DevSecOps teams to deploy data protection controls in hybrid and multi-cloud applications.

CipherTrust Secrets Management protects and automates access to secrets across DevOps tools and cloud workloads, including credentials, certificates, API keys, and tokens, so they are not hard-coded in source or pipeline configuration.

CipherTrust Application Data Protection offers developer-friendly software tools for encryption key management and application-level encryption of sensitive data, protecting data at the point it is created, before it reaches storage, analytics, or transport layers.

Thales Data Protection on Demand (DPoD) is a cloud-based marketplace that offers Luna HSMs and CipherTrust solutions as a service. This enables in-house teams to build these proven and certified data security services into their own offerings easily and securely.

Recommended Resources

Data Security Compliance and Regulations - eBook


This ebook shows how Thales data security solutions enable you to meet global compliance and data privacy requirements including - GDPR, Schrems II, PCI-DSS and data breach notification laws.

The Key Pillars for Protecting Sensitive Data in Any Organization - White Paper


Traditionally organizations have focused IT security primarily on perimeter defense, building walls to block external threats from entering the network. However, with today’s proliferation of data, evolving global and regional privacy regulations, growth of cloud adoption, and...

Other key data protection and security regulations

GDPR (regulation, active now)

Perhaps the most comprehensive data privacy regulation to date, GDPR affects any organization that processes the personal data of individuals in the EU, regardless of where the organization is headquartered.

PCI DSS (industry mandate, active now)

Any organization that plays a role in processing credit and debit card payments must comply with the strict PCI DSS requirements for the processing, storage, and transmission of account data.

Data Breach Notification Laws (regulation, active now)

Data breach notification requirements following loss of personal information have been enacted by nations around the globe. They vary by jurisdiction but almost universally include a "safe harbor" clause that exempts data which was encrypted at the time of the loss.