Information and records (data) are managed consistent with the organization's risk strategy to protect the confidentiality, integrity, and availability of information.
National Institute of Standards and Technology (NIST). (2024). The NIST Cybersecurity Framework (CSF) 2.0. https://www.nist.gov/cyberframework
