The organization will maintain asset trails for inventory management and reporting, including how new hardware is added and old hardware removed. [UCF ID 00689]
Supporting and supported controls
This control directly supports:
• Identify information processes, applications, and systems significant to the organization [UCF Common Control ID 00688]
This control has the following supporting controls:
• Environmental survey [UCF Common Control ID 00690]
• Maintain a hardware inventory [UCF Common Control ID 00691]
• Software inventory [UCF Common Control ID 00692]
• Networking inventory [UCF Common Control ID 00693]
• Maintain an accurate media inventory [UCF Common Control ID 00694]
• Document, database, and messaging inventory [UCF Common Control ID 01260]
Authority documents complied with:
FFIEC IT Examination Handbook – Information Security Exam Tier II Obj B.1; FFIEC IT Examination Handbook – Operations Exam Tier I Q 4.1, Tier II Q A.1; FFIEC IT Examination Handbook – Wholesale Payment Systems Exam Tier I Obj 1.2; FFIEC IT Examination Handbook – Retail Payment Systems Exam Tier I Obj 1.2, Exam Tier I Obj 3.4, Exam Tier I Obj 4.3; Disaster / Emergency Management and Business Continuity, NFPA 1600 Ch 5.5.4; The Standard of Good Practice for Information Security SM4.3.1(c ), CI1.3.1; HIPAA (Health Insurance Portability and Accountability Act) .308(a)(7)(ii)(E); ISO 17799:2000, Code of Practice for Information Security Management § 5.1; Security Self-Assessment Guide, NIST SP 800-26 Q 8.2.7
Metrics
The metrics associated with this control are as follows:
• Report on the percentage of scheduled asset inventories that occurred on time [UCF Common Control ID 02055]
Copyright 2005-2009 Unified Compliance Framework™. All rights reserved.