ID.AM-07: Inventories of data and corresponding metadata for designated data types are maintained

Info icon.

Subcategory is new to this version of the framework.

Description

[csf.tools Note: Subcategories do not have detailed descriptions. However NIST has provided the following implementation examples.]

Implementation Examples

1st: 1st Party Risk

Ex1: Maintain a list of the designated data types of interest (e.g., personally identifiable information, protected health information, financial account numbers, organization intellectual property, operational technology data)

Ex2: Continuously discover and analyze ad hoc data to identify new instances of designated data types

Ex3: Assign data classifications to designated data types through tags or labels

Ex4: Track the provenance, data owner, and geolocation of each instance of designated data types