Asset and Data Identification
Determine which systems, networks, and data—such as CUI—are critical to your organization. Clearly define the boundaries of your environment and map sensitive data flows.

Attack Surface Mapping
Document how data moves through your environment, including storage locations, transmission paths, and interfaces with third parties. Highlight areas where attackers could gain access.