DORA · Chapter II — ICT risk management
Art. 9 Protection and prevention
Implement policies and tools to protect ICT systems, including access control and cryptographic protection of data at rest, in use and in transit.
Mapped across 31 provisions
Equivalent and related requirements in other frameworks and regulations.
- CIS Controls v8 · Partial · Curated · 6.1 Establish an access granting process
  Access control & identity
- CIS Controls v8 · Partial · Curated · 3.11 Encrypt sensitive data at rest
  Cryptography & data protection
- Cyber Essentials · Partial · Curated · CE-3 User access control
  Access control & identity
- Essential Eight · Partial · Curated · E8-3 Multi-factor authentication
  Access control & identity
- Essential Eight · Partial · Curated · E8-4 Restrict administrative privileges
  Access control & identity
- GDPR · Partial · Curated · Art. 32 Security of processing
  Cryptography & data protection
- GLBA · Partial · Curated · §314.4(c)(1) Access controls
  Access control & identity
- GLBA · Partial · Curated · §314.4(c)(3) Encryption of customer information
  Cryptography & data protection
- HIPAA · Partial · Curated · §164.312(a)(1) Access control
  Access control & identity
- HIPAA · Partial · Curated · §164.312(e)(1) Transmission security
  Cryptography & data protection
- ISO 27001 · Partial · Curated · A.5.15 Access control
  Access control & identity
- ISO 27001 · Partial · Curated · A.5.16 Identity management
  Access control & identity
- ISO 27001 · Partial · Curated · A.8.24 Use of cryptography
  Cryptography & data protection
- LGPD · Partial · Curated · Art. 46 Security measures
  Cryptography & data protection
- NIS2 · Partial · Curated · Art. 21(2)(i) Access control and asset management
  Access control & identity
- NIS2 · Partial · Curated · Art. 21(2)(h) Cryptography and encryption
  Cryptography & data protection
- NIST 800-171 · Partial · Curated · 3.1.1 Limit system access to authorized users
  Access control & identity
- NIST 800-171 · Partial · Curated · 3.13.11 Employ FIPS-validated cryptography
  Cryptography & data protection
- NIST 800-53 · Partial · Curated · AC-2 Account management
  Access control & identity
- NIST 800-53 · Partial · Curated · SC-8 Transmission confidentiality and integrity
  Cryptography & data protection
- NIST 800-53 · Partial · Curated · SC-28 Protection of information at rest
  Cryptography & data protection
- NIST CSF 2.0 · Partial · Curated · PR.AA-01 Identities and credentials managed
  Access control & identity
- NIST CSF 2.0 · Partial · Curated · PR.AA-05 Access permissions and authorizations enforced
  Access control & identity
- NIST CSF 2.0 · Partial · Curated · PR.DS-01 Confidentiality of data-at-rest protected
  Cryptography & data protection
- NIST CSF 2.0 · Partial · Curated · PR.DS-02 Confidentiality of data-in-transit protected
  Cryptography & data protection
- PCI DSS · Partial · Curated · Req. 7 Restrict access by business need to know
  Access control & identity
- PCI DSS · Partial · Curated · Req. 8 Identify users and authenticate access
  Access control & identity
- PCI DSS · Partial · Curated · Req. 3 Protect stored account data
  Cryptography & data protection
- PCI DSS · Partial · Curated · Req. 4 Protect cardholder data with strong cryptography during transmission
  Cryptography & data protection
- SOC 2 · Partial · Curated · CC6.1 Logical access security controls
  Access control & identity
- SOC 2 · Partial · Curated · CC6.7 Restricting data transmission
  Cryptography & data protection