Doc:NIST SP 800-53r3 Appendix F/CM-8

From FISMApedia
Jump to: navigation, search

CM-8 INFORMATION SYSTEM COMPONENT INVENTORY

Control: The organization develops, documents, and maintains an inventory of information system components that:
a. Accurately reflects the current information system;
b. Is consistent with the authorization boundary of the information system;
c. Is at the level of granularity deemed necessary for tracking and reporting;
d. Includes [Assignment: organization-defined information deemed necessary to achieve effective property accountability]; and
e. Is available for review and audit by designated organizational officials.
Supplemental Guidance: Information deemed to be necessary by the organization to achieve effective property accountability can include, for example, hardware inventory specifications (manufacturer, type, model, serial number, physical location), software license information, information system/component owner, and for a networked component/device, the machine name and network address. Related controls: CM-2, CM-6.
Control Enhancements: