
DM-01 Data Classification Criteria

>Control Description

Organization's data classification criteria are periodically reviewed, approved by management, and communicated to authorized personnel; the data security management team determines the treatment of data according to its designated data classification level.

Theme: Process

Type: Preventive

Policy/Standard: Data Management Policy

>Implementation Guidance

1. Ensure that Data Classification Criteria are defined and documented.
2. Ensure that these criteria are reviewed and approved periodically and that appropriate documentation for the review is retained.
3. Ensure that a process is defined and implemented so that data is treated according to its data classification level.

>Testing Procedure

1. Inspect Organization's policy and/or standard to determine whether Organization's data classification criteria are defined.
2. Inspect whether the criteria are periodically reviewed and approved by management.
3. Validate using sample testing that data is categorized and treated according to its data classification level and defined controls.

>Audit Artifacts

E-DM-01
E-DM-02
E-DM-03

>Framework Mappings

Cross-framework mappings provided by Adobe CCF Open Source under Creative Commons License.
