classification Controls

Assets are prioritized based on classification, criticality, and mission impact

Inventories of data and corresponding metadata for designated data types are maintained

Detected security incidents are evaluated and classified