Mechanisms exist to track the origin, development, ownership, location and changes to systems, system components and associated data.
Mechanisms exist to maintain network architecture diagrams that: ▪ Contain sufficient detail to assess the security of the network's architecture; ▪ Reflect the current architecture of the network environment; and ▪ Document all sensitive/regulated data flows.
Mechanisms exist to determine cybersecurity & data privacy control applicability by identifying, assigning and documenting the appropriate asset scope categorization for all systems, applications, services and personnel (internal and third-parties).
Mechanisms exist to ensure control applicability is appropriately-determined for systems, applications, services and third parties by graphically representing applicable boundaries.
Mechanisms exist to create and maintain a current inventory of systems, applications and services that are in scope for statutory, regulatory and/or contractual compliance obligations that provides sufficient detail to determine control applicability, based on asset scope categorization.
Mechanisms exist to maintain strict control over the internal or external distribution of any kind of sensitive/regulated media.
Mechanisms exist to obtain management approval for any sensitive / regulated media that is transferred outside of the organization's facilities.
Mechanisms exist to implement enhanced protection measures for unattended systems to protect against tampering and unauthorized access.
Mechanisms exist to educate users on the need to physically secure laptops and other mobile devices out of site when traveling, preferably in the trunk of a vehicle.
Mechanisms exist to appropriately protect devices that capture sensitive/regulated data via direct physical interaction from tampering and substitution.
Passcode