ID.AM-05: Assets are prioritized based on classification, criticality, resources, and impact on the mission

Description

[csf.tools Note: Subcategories do not have detailed descriptions. However NIST has provided the following implementation examples.]

Implementation Examples

1st: 1st Party Risk

Ex1: Define criteria for prioritizing each class of assets

Ex2: Apply the prioritization criteria to assets

Ex3: Track the asset priorities and update them periodically or when significant changes to the organization occur