- 2.1) Identify and classify information and assets
- 2.2) Establish information and asset handling requirements
- 2.3) Provision resources securely
- 2.4) Manage data lifecycle
- 2.5) Ensure appropriate asset retention (e.g., End-of-Life (EOL), End-of-Support (EOS))
- 2.6) Determine data security controls and compliance requirements