CFG-08 ยท Sensitive / Regulated Data Access Enforcement

Control Description

Mechanisms exist to configure Technology Assets, Applications and/or Services (TAAS) to restrict access to sensitive/regulated data.

Control Question
Assessment question for control validation

Does the organization configure Technology Assets, Applications and/or Services (TAAS) to restrict access to sensitive/regulated data?

Control Weighting
7
Validation Cadence
Annual
NIST CSF Function
Protect
Supply Chain Risk Management (SCRM) Tiers
Applicable SCRM tier levels for this control
Tier 2 - Operational
Tier 3 - Tactical
Core Control Designations
Special designations and baseline inclusions
MAD: CFG-08
ESP Level 2: CFG-08
ESP Level 3: CFG-08
Errata & Additional Notes

- wordsmithed control