ID.AM-07
Inventories of data and corresponding metadata for designated data types are maintained
Implementation examples
- Ex1: Maintain a list of the designated data types of interest (e.g., personally identifiable information, protected health information, financial account numbers, organization intellectual property, operational technology data)
- Ex2: Continuously discover and analyze ad hoc data to identify new instances of designated data types
- Ex3: Assign data classifications to designated data types through tags or labels
- Ex4: Track the provenance, data owner, and geolocation of each instance of designated data types
Mapped NIST 800-53 r5 controls (3)
All informative references (41)
- CCMv4.0: DSP-01
- CCMv4.0: DSP-03
- CCMv4.0: DSP-04
- CCMv4.0: DSP-06
- CCMv4.0: DSP-10
- CCMv4.0: DSP-19
- CCMv4.0: UEM-02
- CIS Controls v8.0: 3.2
- CIS Controls v8.1: 3.2
- CRI Profile v2.0: ID.AM-07
- CRI Profile v2.0: ID.AM-07.01
- Guardian-SDK: GS-TT-05
- ISO/IEC 27001:2022: Mandatory Clause: None
- ISO/IEC 27001:2022: Annex A Controls: 5.9
- NICE Framework: DD-WRL-002
- NICE Framework: IO-WRL-001
- NICE Framework: IO-WRL-002
- NICE Framework: IO-WRL-003
- NICE Framework: IO-WRL-005
- NICE Framework: OG-WRL-015
- OWASP Top 10 LLM Applications: LLM02-2025
- OWASP Top 10 LLM Applications: LLM04-2025
- OWASP Top 10 LLM Applications: LLM08-2025
- PCI DSS: 12.5.2
- PCI DSS: 3.2.1
- PCI DSS: 3.4.1
- PCI DSS: 3.4.2
- PCI DSS: 12.10.7
- SCF: DCH-06
- SCF: PRI-05
- SCF: PRI-05.5
- SP 800-171 Rev 3: 03.14.08
- SP 800-221A: MA.RI-1
- SP 800-53 Rev 5.1.1: CM-12
- SP 800-53 Rev 5.1.1: CM-13
- SP 800-53 Rev 5.1.1: SI-12
- SP 800-53 Rev 5.2.0: CM-12
- SP 800-53 Rev 5.2.0: CM-13
- SP 800-53 Rev 5.2.0: SI-12
- SP-800-37 Rev 2: RMF Prepare Step (System Level): TASK P-12 Information Types
- SP-800-37 Rev 2: RMF Prepare Step (System Level): TASK P-13 Information Life Cycle
Source: NIST Cybersecurity Framework 2.0 · CSF 2.0 → 800-53 mappings sourced from NIST Cybersecurity & Privacy Reference Tool (CPRT) · US government work — attribution requested per NIST Open License Terms. Direct CSF→CWE/CVE cross-references will be added in a Phase B LLM-authored mapping pass (not yet rendered).