Skip to main content

πŸ’Ό CM-8 INFORMATION SYSTEM COMPONENT INVENTORY

  • Contextual name: πŸ’Ό CM-8 INFORMATION SYSTEM COMPONENT INVENTORY
  • ID: /frameworks/nist-sp-800-53-r4/cm/08
  • Located in: πŸ’Ό CM CONFIGURATION MANAGEMENT

Description​

The organization: CM-8a. Develops and documents an inventory of information system components that: CM-8a.1. Accurately reflects the current information system; CM-8a.2. Includes all components within the authorization boundary of the information system; CM-8a.3. Is at the level of granularity deemed necessary for tracking and reporting; and CM-8a.4. Includes [Assignment: organization-defined information deemed necessary to achieve effective information system component accountability]; and CM-8b. Reviews and updates the information system component inventory [Assignment: organization-defined frequency].

Similar​

  • Internal
    • ID: dec-c-7e3fc2e0

Similar Sections (Give Policies To)​

SectionSub SectionsInternal RulesPoliciesFlags
πŸ’Ό NIST CSF v1.1 β†’ πŸ’Ό DE.CM-7: Monitoring for unauthorized personnel, connections, devices, and software is performed1923
πŸ’Ό NIST CSF v1.1 β†’ πŸ’Ό ID.AM-1: Physical devices and systems within the organization are inventoried2
πŸ’Ό NIST CSF v1.1 β†’ πŸ’Ό ID.AM-2: Software platforms and applications within the organization are inventoried46
πŸ’Ό NIST CSF v1.1 β†’ πŸ’Ό PR.DS-3: Assets are formally managed throughout removal, transfers, and disposition2

Sub Sections​

SectionSub SectionsInternal RulesPoliciesFlags
πŸ’Ό CM-8 (1) UPDATES DURING INSTALLATIONS _ REMOVALS
πŸ’Ό CM-8 (2) AUTOMATED MAINTENANCE
πŸ’Ό CM-8 (3) AUTOMATED UNAUTHORIZED COMPONENT DETECTION
πŸ’Ό CM-8 (4) ACCOUNTABILITY INFORMATION
πŸ’Ό CM-8 (5) NO DUPLICATE ACCOUNTING OF COMPONENTS
πŸ’Ό CM-8 (6) ASSESSED CONFIGURATIONS _ APPROVED DEVIATIONS
πŸ’Ό CM-8 (7) CENTRALIZED REPOSITORY
πŸ’Ό CM-8 (8) AUTOMATED LOCATION TRACKING
πŸ’Ό CM-8 (9) ASSIGNMENT OF COMPONENTS TO SYSTEMS

Policies (2)​

PolicyLogic CountFlags
πŸ“ AWS EC2 Security Group allows public IPv4 (0.0.0.0/0) access to admin ports 🟒1🟒 x6
πŸ“ AWS EC2 Security Group allows public IPv6 (::/0) access to admin ports 🟒1🟒 x6

Internal Rules​

RulePoliciesFlags
βœ‰οΈ dec-x-bcae85fb2