Data Classification & Handling
Mechanisms exist to associate cybersecurity & data privacy attributes to information.
Data Classification & Handling
Level N/A
Mechanisms exist to reclassify data as required, due to changing business/technical requirements.
Data Classification & Handling
Mechanisms exist to provide authorized individuals the capability to define or change the type and value of cybersecurity & data privacy attributes available for association with subjects and objects.
Data Classification & Handling
Level N/A
Mechanisms exist to audit changes to cybersecurity & data privacy attributes and responds to events in accordance with incident response procedures.
Data Classification & Handling
Level N/A
Mechanisms exist to: â–ª Physically control and securely store digital and non-digital media within controlled areas using organization-defined security measures; and â–ª Protect system media until the media are destroyed or sanitized using approved equipment, techniques and procedures.
Data Classification & Handling
Level N/A
Mechanisms exist to physically secure all media that contains sensitive information.
Data Classification & Handling
Level N/A
Mechanisms exist to maintain inventory logs of all sensitive media and conduct sensitive media inventories at least annually.
Data Classification & Handling
Level N/A
Mechanisms exist to periodically scan unstructured data sources for sensitive/regulated data or data requiring special protection measures by statutory, regulatory or contractual obligations.
Data Classification & Handling
Mechanisms exist to ensure sensitive/regulated data is rendered human unreadable anywhere sensitive/regulated data is stored.
Data Classification & Handling
Level N/A
Mechanisms exist to prohibit the storage of sensitive transaction authentication data after authorization.
