Data encryption and decryption is required
For any limited transaction, according to the data level requirements, the adoption of data reduction and obfuscation methods is proposed.
“Employ data reduction techniques and data masking techniques to reduce the need to collect, or sufficiently obfuscate, respectively, masked information to prevent visibility into that data, without preventing US persons engaged in restricted activities from performing activities with the data,” CISA added.
CISA recommends techniques that include anonymization, anonymization, de-identification, or anonymization for data processing so that the data is not linked to US public entities while being accessed by the country of concern.
Source link