August 31, 2016

Asset Management (ID.AM)

Objectives of Asset Management

The data, personnel, devices, systems, and facilities that enable the organization to achieve business purposes are identified and managed consistent with their relative importance to business objectives and the organization’s risk strategy.

  • ID.AM-1: Physical devices and systems within the organization are inventoried
  • ID.AM-2: Software platforms and applications within the organization are inventoried
  • ID.AM-3: Organizational communication and data flows are mapped
  • ID.AM-4: External information systems are catalogued
  • ID.AM-5: Resources (e.g., hardware, devices, data, and software) are prioritized based on their classification, criticality, and business value
  • ID.AM-6: Cybersecurity roles and responsibilities for the entire workforce and third-party stakeholders (e.g., suppliers, customers, partners) are established