The Data Security and Protection Toolkit (DSPT) is an online self-assessment tool that allows organizations to measure their performance against the National Data Guardian’s 10 data security standards. Portnox's cloud-native platform for zero trust access control meets and supports these critical security standards in a variety of different and interconnected ways.

data security and protection toolkit portnox

Accelerate your DSPT assessment with Portnox.

Data Security Standard 1: Personal Confidential Data

Portnox delivers technical controls for the protection of personal confidential data across the network for both on-site and remote employees, as well as contractors and on-site guests. Administrators can configure and enforce network authentication and access control policies based on role, location, device type, access layer, and more. Automated network segmentation ensures that the right users have access to the critical data and resources they need to perform their jobs, while also preventing lateral movement across the network that could result in data loss and in the event of a cyber attack.

Technical controls include, but are not limited to:

  • Individual user logins
  • Role-based access
  • Two factor authentication
  • Encryption
  • Endpoint port control
  • Data loss prevention
  • Effective audit logging
  • ...and more
Data Security Standard 4: Managing Data Access

As mentioned above, Portnox delivers access control policy enforcement for organizational resources across the network and to the network itself. The platform is fundamentally designed to allow access to data ONLY to those users who should have access in accordance with NHS data security standards. This is accomplished by implementing security measure across every step of the user's digital journey:

  • Endpoint visibility & awareness: 24/7/365 visibility of devices (models, OS, locations, etc.) requesting network authentication
  • Network authentication: Leveraging directory service (Okta, Active Directory, etc.) user profiles to dictate network access privileges
  • Segmentation & access control: 802.1x access control and dynamic vLAN assignment for all users and devices no matter location
  • Risk monitoring: Endpoint risk posture awareness, looking at firewall status, antivirus status, apps in use, USBs drives, and more
  • Endpoint remediation: Automatically quarantining and remediating devices that fall out of compliance to mitigate potential risk
  • Systems integrations: MDM and SIEM integrations provide further holistic visibility and control of user access to organizational data
Data Security Standard 6: Responding to Incidents

Portnox is inherently used to close the gap on access vulnerabilities. Post-network connection, Portnox monitors every device (managed, BYOD, IoT, etc.) and continually assesses the risk posture of each device. When devices exceed an organization's predefined risk threshold, Portnox responds to this compliance and security incident by automatically quarantining that device on the network and remediating it.

Portnox monitors risks across the following endpoint factors:

  • Geolocation
  • Firewall status
  • Antivirus status
  • Dormancy
  • Applications
  • Open ports
  • Device encryption
  • OS version
  • Rootkit
  • Passcode
  • Running services
  • Administrator privileges
  • Peripheral devices
  • Domain membership
  • ...and more
Data Security Standard 9: IT Protection

Portnox enables organizations to maintain transparent and secure administration of network devices such as routers, switches, and firewalls, and by centralizing user authentication, access control policy enforcement, activity audit trails, and more – all from the cloud. This is accomplished through the platform's built-in TACACS+ server, which delivers authentication, authorization, and accounting (AAA) services.

Data Security Standard 10: Accountable Suppliers

Portnox is ISO 27001 certified. ISO 27001 is a framework that helps organizations establish, implement, operate, monitor, review, maintain and continually improve an ISMS, and is the international standard for information security. Portnox is also SOC 2 Type II certified. SOC 2 certification validates that the Portnox Cloud upholds the standards of the American Institute of Certified Public Accountants (AICPA).

endpoint risk monitoring portnox

Mitigate risk at the source with continuous endpoint risk monitoring.

In order to thwart cyber attacks, you have to go to the source. More times than not, that source is a user's device that's been used to breach a network. While visibility of connected devices is critical, it's just the first step. Portnox goes deeper - monitoring the risk posture of every connected device 24/7/365. Look at the state of anti-virus, firewall, applications in use, and a variety of other common areas of vulnerability to detect and remove non-compliant devices from the network.

Data Security and Protection Toolkit FAQs.

Try Portnox Cloud for Free Today

Gain access to all of Portnox's powerful zero trust access control free capabilities for 30 days!