Domain 2: Asset Security
2.1 Identify and classify information and assets:
- Data classification
- Asset classification
2.2 Establish information and asset handling requirements:
- Information and asset ownership
- Asset inventory (for example, tangible or intangible)
- Asset management
2.3 Provision resources securely
2.4 Manage the data life cycle:
- Data roles (for example, owners, controllers, custodians, processors, and users/subjects)
- Data collection
- Data location
- Data maintenance
- Data retention
- Data remanence
- Data destruction
2.5 Ensure appropriate asset retention (for example, End-of-Life (EOL) or End-of-Support (EOS))
2.6 Determine data security controls and compliance requirements:
- Data states (for example, in use, in transit, or at rest)
- Scoping and tailoring
- Standards selection
- Data protection methods (for example, Digital Rights Management (DRM), Data Loss Prevention (DLP), or...
