Back

Use a passive asset inventory discovery tool to identify assets when network mapping.


CONTROL ID
13735
CONTROL TYPE
Process or Activity
CLASSIFICATION
Detective

SUPPORTING AND SUPPORTED CONTROLS



This Control directly supports the implied Control(s):
  • Maintain up-to-date network diagrams., CC ID: 00531

There are no implementation support Controls.


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH



  • Here, a reasonable approach for the ISO could be to go to the various rooms of the organisation and to identify the relevant components that require power and if they could be networked via IT networks. The ISO should talk particularly to the colleagues of the building services team, but also the ot… (§ 8.1.7 Subsection 1 ¶ 2, BSI-Standard 200-2 IT-Grundschutz Methodology, Version 1.0)
  • The extent of critical infrastructure within the information domain shall be clearly tagged. Thereby all relevant interfaces should be included. (II.9.58 ¶ 1, Circular 10/2017 (BA): Supervisory Requirements for IT in Financial Institutions, 14.09.2018)
  • Utilize a passive discovery tool to identify devices connected to the organization's network and automatically update the organization's hardware asset inventory. (CIS Control 1: Sub-Control 1.2 Use a Passive Asset Discovery Tool, CIS Controls, 7.1)
  • Utilize a passive discovery tool to identify devices connected to the organization's network and automatically update the organization's hardware asset inventory. (CIS Control 1: Sub-Control 1.2 Use a Passive Asset Discovery Tool, CIS Controls, V7)
  • Use a passive discovery tool to identify assets connected to the enterprise's network. Review and use scans to update the enterprise's asset inventory at least weekly, or more frequently. (CIS Control 1: Safeguard 1.5 Use a Passive Asset Discovery Tool, CIS Controls, V8)
  • Data processing is mapped, illustrating the data actions and associated data elements for systems/products/services, including components; roles of the component owners/operators; and interactions of individuals or third parties with the systems/products/services. (ID.IM-P8, NIST Privacy Framework: A Tool For Improving Privacy Through Enterprise Risk Management, Version 1.0)
  • Identify network mapping and operating system (OS) fingerprinting activities. (T0299, Reference Spreadsheet for the Workforce Framework for Cybersecurity (NICE Framework)”, July 7, 2020)