This site has been deprecated in favor of https://attack.mitre.org and will remain in place until 11/1/22.
Data Loss Prevention
|Data Loss Prevention|
|IEC 62443-3-3:2013||SR 4.1|
|IEC 62443-4-2:2019||CR 4.1|
Data Loss Prevention (DLP) technologies can be used to help identify adversarial attempts to exfiltrate operational information, such as engineering plans, trade secrets, recipes, intellectual property, or process telemetry. DLP functionality may be built into other security products such as firewalls or standalone suites running on the network and host-based agents. DLP may be configured to prevent the transfer of information through corporate resources such as email, web, and physical media such as USB for host-based solutions.
Techniques Addressed by Mitigation
|Theft of Operational Information||Apply DLP to protect the confidentiality of information related to operational processes, facility locations, device configurations, programs, or databases that may have information that can be used to infer organizational trade-secrets, recipes, and other intellectual property (IP).|