DCS-05: Assets Classification

Control Family:

Datacenter Security

CSF v1.1 References:

PF v1.0 References:

Previous Version:

Control Statement

Classify and document the physical, and logical assets (e.g., applications) based on the organizational business risk.

Implementation Guidance

The facility management should develop a naming convention for asset classification that meets legal, value, and business requirements to protect restricted information sharing.

Auditing Guidance

  1. Examine the policy relating to defining the organization's business risk.
  2. Confirm that the physical and logical assets are being classified in accordance with defined policy and procedures.
  3. Review the asset Inventory to determine if assets are catalogued and tagged according to the organization's business risk classification criteria.

[csf.tools Note: For more information on the Cloud Controls Matrix, visit the CSA Cloud Controls Matrix Homepage.]

Cloud Control Matrix is Copyright 2023 Cloud Security Alliance.