💼 ID.AM-08: Systems, hardware, software, services, and data are managed throughout their life cycles

• Contextual name: 💼 ID.AM-08: Systems, hardware, software, services, and data are managed throughout their life cycles
• ID: /frameworks/nist-csf-v2.0/id-am/08
• Located in: 💼 Asset Management (ID.AM)

Description

1. Integrate cybersecurity considerations throughout the life cycles of systems, hardware, software, and services
2. Integrate cybersecurity considerations into product life cycles
3. Identify unofficial uses of technology to meet mission objectives (i.e., shadow IT)
4. Periodically identify redundant systems, hardware, software, and services that unnecessarily increase the organization's attack surface
5. Properly configure and secure systems, hardware, software, and services prior to their deployment in production
6. Update inventories when systems, hardware, software, and services are moved or transferred within the organization
7. Securely destroy stored data based on the organization's data retention policy using the prescribed destruction method, and keep and manage a record of the destructions
8. Securely sanitize data storage when hardware is being retired, decommissioned, reassigned, or sent for repairs or replacement
9. Offer methods for destroying paper, storage media, and other physical forms of data storage

Similar

• Sections
  • /frameworks/nist-csf-v1.1/pr-ds/03
  • /frameworks/nist-csf-v1.1/pr-ma/01
  • /frameworks/nist-csf-v1.1/pr-ma/02
  • /frameworks/nist-csf-v1.1/pr-ip/06
  • /frameworks/nist-sp-800-53-r5/cm/09
  • /frameworks/nist-sp-800-53-r5/cm/13
  • /frameworks/nist-sp-800-53-r5/ma/02
  • /frameworks/nist-sp-800-53-r5/ma/06
  • /frameworks/nist-sp-800-53-r5/pl/02
  • /frameworks/nist-sp-800-53-r5/pm/23
  • /frameworks/nist-sp-800-53-r5/pm/22
  • /frameworks/nist-sp-800-53-r5/sa/03
  • /frameworks/nist-sp-800-53-r5/sa/04
  • /frameworks/nist-sp-800-53-r5/sa/08
  • /frameworks/nist-sp-800-53-r5/sa/22
  • /frameworks/nist-sp-800-53-r5/si/12
  • /frameworks/nist-sp-800-53-r5/si/18
  • /frameworks/nist-sp-800-53-r5/sr/05
  • /frameworks/nist-sp-800-53-r5/sr/12

Similar Sections (Take Policies From)

Section	Sub Sections	Internal Rules	Policies	Flags
💼 NIST CSF v1.1 → 💼 PR.DS-3: Assets are formally managed throughout removal, transfers, and disposition			2
💼 NIST CSF v1.1 → 💼 PR.IP-6: Data is destroyed according to policy
💼 NIST CSF v1.1 → 💼 PR.MA-1: Maintenance and repair of organizational assets are performed and logged, with approved and controlled tools
💼 NIST CSF v1.1 → 💼 PR.MA-2: Remote maintenance of organizational assets is approved, logged, and performed in a manner that prevents unauthorized access		1	1
💼 NIST SP 800-53 Revision 5 → 💼 CM-9 Configuration Management Plan	1
💼 NIST SP 800-53 Revision 5 → 💼 CM-13 Data Action Mapping
💼 NIST SP 800-53 Revision 5 → 💼 MA-2 Controlled Maintenance	2
💼 NIST SP 800-53 Revision 5 → 💼 MA-6 Timely Maintenance	3
💼 NIST SP 800-53 Revision 5 → 💼 PL-2 System Security and Privacy Plans	3
💼 NIST SP 800-53 Revision 5 → 💼 PM-22 Personally Identifiable Information Quality Management
💼 NIST SP 800-53 Revision 5 → 💼 PM-23 Data Governance Body
💼 NIST SP 800-53 Revision 5 → 💼 SA-3 System Development Life Cycle	3
💼 NIST SP 800-53 Revision 5 → 💼 SA-4 Acquisition Process	12
💼 NIST SP 800-53 Revision 5 → 💼 SA-8 Security and Privacy Engineering Principles	33		1
💼 NIST SP 800-53 Revision 5 → 💼 SA-22 Unsupported System Components	1
💼 NIST SP 800-53 Revision 5 → 💼 SI-12 Information Management and Retention	3
💼 NIST SP 800-53 Revision 5 → 💼 SI-18 Personally Identifiable Information Quality Operations	5
💼 NIST SP 800-53 Revision 5 → 💼 SR-5 Acquisition Strategies, Tools, and Methods	2
💼 NIST SP 800-53 Revision 5 → 💼 SR-12 Component Disposal

Sub Sections

Section	Sub Sections	Internal Rules	Policies	Flags

Policies (3)

Policy	Logic Count	Flags
📝 AWS EC2 Security Group allows public IPv4 (0.0.0.0/0) access to admin ports 🟢	1	🟢 x6
📝 AWS EC2 Security Group allows public IPv6 (::/0) access to admin ports 🟢	1	🟢 x6
📝 AWS S3 Bucket MFA Delete is not enabled 🟠🟢	1	🟠 x1, 🟢 x6