Back

Record the asset tag for physical assets in the asset inventory.


CONTROL ID
06632
CONTROL TYPE
Establish/Maintain Documentation
CLASSIFICATION
Preventive

SUPPORTING AND SUPPORTED CONTROLS



This Control directly supports the implied Control(s):
  • Establish, implement, and maintain an asset inventory., CC ID: 06631

There are no implementation support Controls.


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH



  • record all details of the devices being taken, such as product types, serial numbers and International Mobile Equipment Identity numbers (Security Control: 1555; Revision: 0; Bullet 1, Australian Government Information Security Manual, March 2021)
  • Building management cables are labelled with their purpose in black writing on a yellow background, with a minimum size of 2.5 cm x 1 cm, and attached at five-metre intervals. (Security Control: 1639; Revision: 0, Australian Government Information Security Manual, March 2021)
  • the underlying platform (i.e. hardware platform and operating system), (§ 8.1.4 ¶ 2 Bullet 3, BSI-Standard 200-2 IT-Grundschutz Methodology, Version 1.0)
  • platform (e.g. operating system, type of network connection), (§ 8.1.7 ¶ 5 Bullet 3, BSI-Standard 200-2 IT-Grundschutz Methodology, Version 1.0)
  • platform (e.g. operating system, type of (network) connection), (§ 8.1.6 ¶ 5 Bullet 3, BSI-Standard 200-2 IT-Grundschutz Methodology, Version 1.0)
  • platform (e.g. hardware architecture/operating system), (§ 8.1.5 Subsection 1 ¶ 3 Bullet 3, BSI-Standard 200-2 IT-Grundschutz Methodology, Version 1.0)
  • Does the list of devices include the following? - Make, model of device - Location of device (for example, the address of the site or facility where the device is located) - Device serial number or other method of unique identification (9.9.1 (a), Payment Card Industry (PCI) Data Security Standard, Self-Assessment Questionnaire B and Attestation of Compliance, Revision 1.1)
  • Does the list of devices include the following? - Make, model of device - Location of device (for example, the address of the site or facility where the device is located) - Device serial number or other method of unique identification (9.9.1 (a), Payment Card Industry (PCI) Data Security Standard, Self-Assessment Questionnaire B-IP and Attestation of Compliance, Version 3.1)
  • Does the list of devices include the following? - Make, model of device - Location of device (for example, the address of the site or facility where the device is located) - Device serial number or other method of unique identification (9.9.1 (a), Payment Card Industry (PCI) Data Security Standard, Self-Assessment Questionnaire C and Attestation of Compliance, Version 3.1)
  • Does the list of devices include the following? - Make, model of device - Location of device (for example, the address of the site or facility where the device is located) - Device serial number or other method of unique identification (9.9.1 (a), Payment Card Industry (PCI) Data Security Standard, Self-Assessment Questionnaire D and Attestation of Compliance for Merchants, Version 3.1)
  • Does the list of devices include the following? - Make, model of device - Location of device (for example, the address of the site or facility where the device is located) - Device serial number or other method of unique identification (9.9.1 (a), Payment Card Industry (PCI) Data Security Standard, Self-Assessment Questionnaire D and Attestation of Compliance for Service Providers, Version 3.1)
  • Does the list of devices include the following? - Make, model of device - Location of device (for example, the address of the site or facility where the device is located) - Device serial number or other method of unique identification (9.9.1 (a), Payment Card Industry (PCI) Data Security Standard, Self-Assessment Questionnaire P2PE and Attestation of Compliance, Version 3.1)
  • Does the list of devices that capture payment card data via direct physical interaction with the card include the make and model of the device? (PCI DSS Question 9.9.1(a) Bullet 1, PCI DSS Self-Assessment Questionnaire B and Attestation of Compliance, Version 3.0)
  • Does the list of devices that capture payment card data via direct physical interaction with the card include the make and model of the device? (PCI DSS Question 9.9.1(a) Bullet 1, PCI DSS Self-Assessment Questionnaire B-IP and Attestation of Compliance, Version 3.0)
  • Does the list of devices that capture payment card data via direct physical interaction with the card include the make and model of the device? (PCI DSS Question 9.9.1(a) Bullet 1, PCI DSS Self-Assessment Questionnaire C and Attestation of Compliance, Version 3.0)
  • Does the list of devices that capture payment card data via direct physical interaction with the card include the make and model of the device? (PCI DSS Question 9.9.1(a) Bullet 1, PCI DSS Self-Assessment Questionnaire D and Attestation of Compliance for Merchants, Version 3.0)
  • Does the list of devices that capture payment card data via direct physical interaction with the card include the make and model of the device? (PCI DSS Question 9.9.1(a) Bullet 1, PCI DSS Self-Assessment Questionnaire D and Attestation of Compliance for Service Providers, Version 3.0)
  • Does the list of devices that capture payment card data via direct physical interaction with the card include the make and model of the device? (PCI DSS Question 9.9.1(a) Bullet 1, PCI DSS Self-Assessment Questionnaire P2PE-HW and Attestation of Compliance, Version 3.0)
  • An essential step in protecting your mobile device is to record identifying attributes of the device and its use. These attributes include but are not limited to the following: - Serial number (hardware and electronic should match) - Model number - Operating system, firmware, and payment-acceptance … (¶ 5.6.1, PCI Mobile Payment Acceptance Security Guidelines for Merchants as End-Users, Version 1.1)
  • To help identify devices and control inventory, the merchant should mark each device with a unique identifier. For instance, mark the device with a ultra-violet (UV) security pen or an embedded RFI tag. (¶ 5.6.2, PCI Mobile Payment Acceptance Security Guidelines for Merchants as End-Users, Version 1.1)
  • Maintain an asset inventory of all systems connected to the network and the network devices themselves, recording at least the network addresses, machine name(s), purpose of each system, an asset owner responsible for each device, and the department associated with each device. The inventory should … (Control 1.4, The CIS Critical Security Controls for Effective Cyber Defense, Version 6.0)
  • Does the inventory system contain a field for the asset control tag? (§ D.1.1.1, Shared Assessments Standardized Information Gathering Questionnaire - D. Asset Management, 7.0)
  • Assigns a unique identifier for hardware assets. (App A Objective 4:3a Bullet 4, FFIEC Information Technology Examination Handbook - Architecture, Infrastructure, and Operations, June 2021)