💼 CM-8 INFORMATION SYSTEM COMPONENT INVENTORY
- ID:
/frameworks/nist-sp-800-53-r4/cm/08
Description
The organization: CM-8a. Develops and documents an inventory of information system components that: CM-8a.1. Accurately reflects the current information system; CM-8a.2. Includes all components within the authorization boundary of the information system; CM-8a.3. Is at the level of granularity deemed necessary for tracking and reporting; and CM-8a.4. Includes [Assignment: organization-defined information deemed necessary to achieve effective information system component accountability]; and CM-8b. Reviews and updates the information system component inventory [Assignment: organization-defined frequency].
Similar
- Internal
- ID:
dec-c-7e3fc2e0
- ID:
Similar Sections (Give Policies To)
| Section | Sub Sections | Internal Rules | Policies | Flags | Compliance |
|---|---|---|---|---|---|
| 💼 NIST CSF v1.1 → 💼 DE.CM-7: Monitoring for unauthorized personnel, connections, devices, and software is performed | 18 | 24 | no data | ||
| 💼 NIST CSF v1.1 → 💼 ID.AM-1: Physical devices and systems within the organization are inventoried | 3 | no data | |||
| 💼 NIST CSF v1.1 → 💼 ID.AM-2: Software platforms and applications within the organization are inventoried | 5 | 7 | no data | ||
| 💼 NIST CSF v1.1 → 💼 PR.DS-3: Assets are formally managed throughout removal, transfers, and disposition | 8 | no data |
Sub Sections
| Section | Sub Sections | Internal Rules | Policies | Flags | Compliance |
|---|---|---|---|---|---|
| 💼 CM-8 (1) UPDATES DURING INSTALLATIONS _ REMOVALS | no data | ||||
| 💼 CM-8 (2) AUTOMATED MAINTENANCE | no data | ||||
| 💼 CM-8 (3) AUTOMATED UNAUTHORIZED COMPONENT DETECTION | no data | ||||
| 💼 CM-8 (4) ACCOUNTABILITY INFORMATION | no data | ||||
| 💼 CM-8 (5) NO DUPLICATE ACCOUNTING OF COMPONENTS | no data | ||||
| 💼 CM-8 (6) ASSESSED CONFIGURATIONS _ APPROVED DEVIATIONS | no data | ||||
| 💼 CM-8 (7) CENTRALIZED REPOSITORY | no data | ||||
| 💼 CM-8 (8) AUTOMATED LOCATION TRACKING | no data | ||||
| 💼 CM-8 (9) ASSIGNMENT OF COMPONENTS TO SYSTEMS | no data |
Policies (2)
| Policy | Logic Count | Flags | Compliance |
|---|---|---|---|
| 🛡️ AWS EC2 Security Group allows public IPv4 (0.0.0.0/0) access to admin ports🟢 | 1 | 🟢 x6 | no data |
| 🛡️ AWS EC2 Security Group allows public IPv6 (::/0) access to admin ports🟢 | 1 | 🟢 x6 | no data |
Internal Rules
| Rule | Policies | Flags |
|---|---|---|
| ✉️ dec-x-bcae85fb | 2 |