Embedded Files
This page is classified as INTERNAL.
NIST 800-53 (r4) Control:
The organization includes in the information system component inventory information, a means for identifying by [FedRAMP Selection (one or more): name; position; role; (H) position and role], individuals responsible/accountable for administering those components.
NIST 800-53 (r4) Supplemental Guidance:
Identifying individuals who are both responsible and accountable for administering information system components helps to ensure that the assigned components are properly administered and organizations can contact those individuals if some action is required (e.g., component is determined to be the source of a breach/compromise, component needs to be recalled/replaced, or component needs to be relocated).
NIST 800-53 (r5) Discussion:
Identifying individuals who are responsible and accountable for administering system components ensures that the assigned components are properly administered and that organizations can contact those individuals if some action is required (e.g., when the component is determined to be the source of a breach, needs to be recalled or replaced, or needs to be relocated).
38North Guidance:
Meets Minimum Requirement:
The system inventory must identify asset owners/custodians responsible for administering those components.
Best Practice:
TBD
Unofficial FedRAMP Guidance:
TBD
Assessment Evidence:
System inventory detailing all information system components (e.g., software, network components, etc.) deployed within the environment. Details about each system asset must be listed in a consistent manner and include the asset owner.
CSP Implementation Tips:
Amazon Web Services (AWS): TBD
Microsoft Azure: TBD
Google Cloud Platform: TBD
Page updated
Report abuse