Classify and document the physical, and logical assets (e.g., applications) based on the organizational business risk.
The facility management should develop a naming convention for asset classification that meets legal, value, and business requirements to protect restricted information sharing.
- Examine the policy relating to defining the organization's business risk.
- Confirm that the physical and logical assets are being classified in accordance with defined policy and procedures.
- Review the asset Inventory to determine if assets are catalogued and tagged according to the organization's business risk classification criteria.
[csf.tools Note: For more information on the Cloud Controls Matrix, visit the CSA Cloud Controls Matrix Homepage.]
Cloud Control Matrix is Copyright 2023 Cloud Security Alliance.