3.2: Establish and Maintain a Data Inventory
CSF v1.1 References:
Previous Version:
- Critical Security Controls Version 7.1:
- 13.1: Maintain an Inventory of Sensitive Information
Control Statement
Establish and maintain a data inventory, based on the enterprise’s data management process. Inventory sensitive data, at a minimum. Review and update inventory annually, at a minimum, with a priority on sensitive data.
[csf.tools Note: For more information on the Critical Security Controls, visit the Center for Internet Security.]