Establish, implement, and maintain an asset management policy.


CONTROL ID: 15219
CONTROL TYPE: Establish/Maintain Documentation
CLASSIFICATION: Preventive

SUPPORTING AND SUPPORTED CONTROLS




This Control directly supports the implied Control(s):
  • Establish, implement, and maintain an Asset Management program. (CC ID: 06630)

This Control has the following implementation support Control(s):
  • Include coordination amongst entities in the asset management policy. (CC ID: 16424)
  • Establish, implement, and maintain asset management procedures. (CC ID: 16748)


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH




  • It is necessary to safely and smoothly operate a system by formulating procedures for operation, management and usage approval of the system, and to inform all persons concerned of the procedures. (C6.1., FISC Security Guidelines on Computer Systems for Financial Institutions, Ninth Edition, Revised March 2020)
  • An ICT equipment management policy is developed and implemented. (Security Control: 1551; Revision: 0, Australian Government Information Security Manual, March 2021)
  • An ICT equipment management policy is developed, implemented and maintained. (Control: ISM-1551; Revision: 1, Australian Government Information Security Manual, June 2023)
  • An ICT equipment management policy is developed, implemented and maintained. (Control: ISM-1551; Revision: 1, Australian Government Information Security Manual, September 2023)
  • human resources security, access control policies and asset management; (Article 21 2(i), DIRECTIVE (EU) 2022/2555 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 14 December 2022 on measures for a high common level of cybersecurity across the Union, amending Regulation (EU) No 910/2014 and Directive (EU) 2018/1972, and repealing Directive (EU) 2016/1148 (NIS 2 Directive))
  • Moreover, for each of the objects represented there should be a minimum set of information which can be obtained from an assigned catalogue. As a minimum, the following information should be noted down for each IT system and other devices: (§ 8.1.4 ¶ 2, BSI-Standard 200-2 IT-Grundschutz Methodology, Version 1.0)
  • Evaluation of the identified information assets is carried out according to the defined criteria and assigned to the existing classification scheme. (1.3.2 Requirements (must) Bullet 2, Information Security Assessment, Version 5.1)