CM-12: Information Location

From NIST's SP800-53:

a. Identify and document the location of [Assignment: organization-defined information] and the specific system components on which the information is processed and stored; b. Identify and document the users who have access to the system and system components where the information is processed and stored; and c. Document changes to the location (i.e., system or system components) where the information is processed and stored.

Cyber Threat Graph Context

Explore how this control relates to the wider threat graph

MITRE ATT&CK Techniques

See which MITRE ATT&CK techniques this control helps to protect against.

ATT&CK ID	Title	Associated Tactics
T1025	Data from Removable Media	Collection
T1005	Data from Local System	Collection