ISMS Compliance
CyFun BasicIdentify

Identify

Asset management, governance, and risk assessment controls

Overview

The Identify function helps develop an organisational understanding of how to manage cybersecurity risks related to systems, people, assets, data, and capabilities.

Categories

Asset Management (ID.AM)

The data, personnel, devices, systems, and facilities that enable the organisation to achieve business purposes are identified and managed.

ControlDescriptionStatusMaturity
ID.AM-1Physical device inventoryImplementedL2
ID.AM-2Software inventoryImplementedL2
ID.AM-3Communication and data flows mappedImplementedL2
ID.AM-4External information systems cataloguedImplementedL2
ID.AM-5Resources prioritisedImplementedL2

Governance (ID.GV)

The policies and procedures to manage and monitor regulatory, legal, risk, environmental, and operational requirements.

ControlDescriptionStatusMaturity
ID.GV-1Cybersecurity policy establishedImplementedL2
ID.GV-3Legal requirements understoodImplementedL2
ID.GV-4Risk management processesPartialL2

Risk Assessment (ID.RA)

The organisation understands cybersecurity risk to operations, assets, and individuals.

ControlDescriptionStatusMaturity
ID.RA-1Vulnerabilities identifiedImplementedL2
ID.RA-5Risk determinationImplementedL2

CyFun Basic Framework

Belgian CyberFundamentals Basic — 34 controls across 5 functions

ID.AM-1: Physical device inventory

Physical devices and systems within the organisation are inventoried

On this page

OverviewCategoriesAsset Management (ID.AM)Governance (ID.GV)Risk Assessment (ID.RA)