Data Loss Prevention (DLP) is a governance discipline and control domain combining policy, people, and technology to detect, monitor, and prevent unauthorized disclosure, transmission, or destruction of sensitive data — whether accidental or malicious. At the CISA Domain 5 framework level, DLP is not a product category but a systematic program spanning six integrated components: data discovery and classification, policy enforcement, monitoring, enforcement action, incident response integration, and continuous improvement. DLP operates across three data vectors: data in use (endpoints), data in motion (networks, email, cloud transfers), and data at rest (storage, databases, collaboration platforms). Modern DLP has shifted from perimeter-centric appliances to identity- and content-centric models that follow data across SaaS, IaaS, and hybrid environments.
Where it stops · what it isn't
- DLP IS: A governance-and-technology control domain covering discovery, classification, policy enforcement, monitoring, and incident response for sensitive data — integrated with IAM, encryption, SIEM, and network security.
- DLP IS NOT: A standalone software product, a substitute for encryption, or a complete data security strategy on its own. Deploying a DLP tool without accompanying policy and data classification is not a DLP program.
- DLP IS NOT: Identity and Access Management (IAM) — IAM controls who can access data; DLP controls what happens to data once accessed.
- DLP IS NOT: Data backup or disaster recovery — those disciplines address availability, not confidentiality or unauthorized disclosure.
- DLP does NOT replace data governance or privacy programs — it is a technical and procedural enforcement layer that supports them.
- DLP scope does NOT include blocking all business communication — policy tuning and exception management are inherent design requirements, not optional additions.
Connected concepts in the graph
- PART OF: Protection of Information Assets (CISA Domain 5)
- REQUIRES: Data Classification and Inventory; Information Security Policy Framework
- ENABLES: Regulatory Compliance Reporting (GDPR, HIPAA, PCI-DSS, SOC 2); Insider Threat Detection and Response; Zero-Trust Architecture Implementation
- RELATED TO: Encryption and Key Management; Identity and Access Management (IAM); Network and Endpoint Security; Security Incident and Event Management (SIEM)
- CONSTRAINS: Third-Party and Vendor Data Handling