GRM-02: Data Focus Risk Assessments

Control Family:

Governance and Risk Management

CSF v1.1 References:

PF v1.0 References:

Control Statement

Risk assessments associated with data governance requirements shall be conducted at planned intervals and shall consider the following:

  • Awareness of where sensitive data is stored and transmitted across applications, databases, servers, and network infrastructure
  • Compliance with defined retention periods and end-of-life disposal requirements
  • Data classification and protection from unauthorized use, access, loss, destruction, and falsification

Related Controls

NIST Special Publication 800-53 Revision 5

NIST Special Publication 800-53 Revision 4