Change document date to 09/08/2025

Author: DebLanger

exposure-management/classify-critical-assets.md

@@ -6,7 +6,7 @@ author: dlanger
 manager: ornat-spodek
 ms.topic: overview
 ms.service: exposure-management
-ms.date: 07/23/2025
+ms.date: 09/08/2025
 ---
 
 # Review and classify critical assets
@@ -34,6 +34,9 @@ Impact analysis and crown jewels analysis are essential methodologies for identi
 
 The NIST Cybersecurity Framework (CSF) 800-53 also emphasizes guidance for asset management and criticality analysis, as outlined in ID.AM-05, which can be found at: [https://csf.tools/reference/nist-cybersecurity-framework/v2-0/id/id-am/id-am-05/](https://csf.tools/reference/nist-cybersecurity-framework/v2-0/id/id-am/id-am-05/).
 
+> [!NOTE]
+> When multiple classification rules apply to an asset, the rule with the highest criticality level takes precedence. This classification remains in effect until the asset no longer meets the criteria for that rule, at which point it will automatically revert to the next applicable classification level.
+
 ## Prerequisites
 
 Before you begin, ensure you meet the following requirements for working with critical assets in Microsoft Security Exposure Management.