Embedded Files
This page is classified as INTERNAL.
NIST 800-53 (r4) Control:
The organization updates the inventory of information system components as an integral part of component installations, removals, and information system updates.
NIST 800-53 (r4) Supplemental Guidance:
None
NIST 800-53 (r5) Discussion:
Organizations can improve the accuracy, completeness, and consistency of system component inventories if the inventories are updated as part of component installations or removals or during general system updates. If inventories are not updated at these key times, there is a greater likelihood that the information will not be appropriately captured and documented. System updates include hardware, software, and firmware components.
38North Guidance:
Meets Minimum Requirement:
The asset inventory must be updated when changes occur that impact components listed in the inventory. Changes include deployment of new cloud resources, relocation of systems, or removal/disposal of system components.
Best Practice:
TBD
Unofficial FedRAMP Guidance:
TBD
Assessment Evidence:
Evidence of reviews/updates of the system component inventory, as an integral part of component installations, removals, and information system updates.
Observe the inventory process showing how inventory is generated prior to running a vulnerability scan.
CSP Implementation Tips:
Amazon Web Services (AWS): TBD
Microsoft Azure: TBD
Google Cloud Platform: TBD
Page updated
Report abuse