[csf.tools Note: Subcategories do not have detailed descriptions.]
NIST Special Publication 800-53 Revision 5
Develop and document an inventory of system components that: Accurately reflects the system; Includes all components within the system; Does not include duplicate accounting of components or components assigned to any other system; Is at the level of granularity deemed necessary for tracking and reporting; and Includes the following information to achieve system component accountability:…
Identify and document the location of [Assignment: organization-defined information] and the specific system components on which the information is processed and stored; Identify and document the users who have access to the system and system components where the information is processed and stored; and Document changes to the location (i.e., system or system components) where…
Develop and document a map of system data actions.
Cloud Controls Matrix v4.0
Restrict the unauthorized addition, removal, update, and management of organization assets.
Classify and document the physical, and logical assets (e.g., applications) based on the organizational business risk.
Catalogue and track all relevant physical and logical assets located at all of the CSP's sites within a secured system.
Create and maintain a data inventory, at least for any sensitive data and personal data.
Create data flow documentation to identify what data is processed, stored or transmitted where. Review data flow documentation at defined intervals, at least annually, and after any change.
Define, implement and evaluate processes, procedures and technical measures for the transfer and sub-processing of personal data within the service supply chain, according to any applicable laws and regulations.
Define and implement, processes, procedures and technical measures to specify and document the physical locations of data, including any locations in which data is processed or backed up.
Identify and document high-risk environments.
Apply, document, implement and manage the SSRM throughout the supply chain for the cloud service offering.
Develop and maintain an inventory of all supply chain relationships.
Maintain an inventory of all endpoints used to store and access company data.
Enable remote geo-location capabilities for all managed mobile endpoints.
NIST Special Publication 800-53 Revision 4
The organization: Develops and documents an inventory of information system components that: Accurately reflects the current information system; Includes all components within the authorization boundary of the information system; Is at the level of granularity deemed necessary for tracking and reporting; and Includes [Assignment: organization-defined information deemed necessary to achieve effective information system component accountability];…