13.1: Maintain an Inventory of Sensitive Information

Tenable Security Center does support an MDM integration solution, however the purpose is to detect vulnerabilities on mobile devices. The details of data stored on mobile devices is not recorded in data received from the MDM solutions. Whichever MDM solution that the organization is using should support requiring encryption to be enabled.

Asset Type	Security Function	Implementation Groups
Data	Identify	1, 2, 3

Dependencies

Sub-control 1.4: Maintain Detailed Asset Inventory

Inputs

Classification Scheme: The organizationally-defined classification scheme.
Sensitive information data set: The data set of sensitive information for which the organization is responsible, mapped to the classification scheme defined by I1.
1. Review the available Tenable Audit files to see if an existing audit file is available.
Endpoint/system mapping: A mapping of an organization’s endpoints/systems containing sensitive information classified by I2. Ideally, this uses the endpoint inventory (sub-control 1.4).
1. This can be the output of any matches found using audit scans with content audit file templates.

Operations

Create the mappings of information deemed “sensitive” to the organization’s classification scheme.
Create the mappings of classified, sensitive information to the endpoints/systems on which that information is stored.

Measures

M1:
- 1 if the mappings of “sensitive” information to the organization’s classification scheme is provided.
- 0 if the mappings of “sensitive” information to the organization’s classification scheme is not provided.
M2:
- 1 if the mappings of classified, sensitive information to the endpoints/systems on which it resides is provided.
- 0 if the mappings of classified, sensitive information to the endpoints/systems on which it resides is not provided.

Metrics

Existence

Metric	Calculation
The inventory of all sensitive information, cross-referenced with the systems on which that information is kept.	M1 AND M2