Стандарт Банка России № СТО БР ИББС-1.0-2014 от 01.06.2014

/STANDARD
 Each organization has sensitive data. This data can be on its own activity (intellectual property, expertise, etc.) or its customers, individuals or users (personal data, contracts, etc.). In order to effectively protect your data, identifying it is essential. 

From this list of sensitive data, it will be possible to determine in which areas of the information system it is located (databases, file sharing, workstations, etc.). These components correspond to the servers and critical devices of the organization. To this end, they must be subject to specific security measures that may concern backup, logging, access, etc. 

Therefore, this involves creating and maintaining a simplified network diagram (or mapping) representing the different IP areas and the associated addressing plan, the routing and security devices (firewall, application relays, etc.) and the networks with the outside (Internet, private networks, etc.) and partners. This diagram must also be able to locate the servers holding the entity’s sensitive information.