Skip to main content

💼 CM-8 INFORMATION SYSTEM COMPONENT INVENTORY

  • Contextual name: 💼 CM-8 INFORMATION SYSTEM COMPONENT INVENTORY
  • ID: /frameworks/nist-sp-800-53-r4/cm/08
  • Located in: 💼 CM CONFIGURATION MANAGEMENT

Description

The organization: CM-8a. Develops and documents an inventory of information system components that: CM-8a.1. Accurately reflects the current information system; CM-8a.2. Includes all components within the authorization boundary of the information system; CM-8a.3. Is at the level of granularity deemed necessary for tracking and reporting; and CM-8a.4. Includes [Assignment: organization-defined information deemed necessary to achieve effective information system component accountability]; and CM-8b. Reviews and updates the information system component inventory [Assignment: organization-defined frequency].

Similar

  • Internal
    • ID: dec-c-7e3fc2e0

Similar Sections (Give Policies To)

SectionSub SectionsInternal RulesPoliciesFlags
💼 NIST CSF v1.1 → 💼 DE.CM-7: Monitoring for unauthorized personnel, connections, devices, and software is performed1823
💼 NIST CSF v1.1 → 💼 ID.AM-1: Physical devices and systems within the organization are inventoried3
💼 NIST CSF v1.1 → 💼 ID.AM-2: Software platforms and applications within the organization are inventoried57
💼 NIST CSF v1.1 → 💼 PR.DS-3: Assets are formally managed throughout removal, transfers, and disposition7

Sub Sections

SectionSub SectionsInternal RulesPoliciesFlags
💼 CM-8 (1) UPDATES DURING INSTALLATIONS _ REMOVALS
💼 CM-8 (2) AUTOMATED MAINTENANCE
💼 CM-8 (3) AUTOMATED UNAUTHORIZED COMPONENT DETECTION
💼 CM-8 (4) ACCOUNTABILITY INFORMATION
💼 CM-8 (5) NO DUPLICATE ACCOUNTING OF COMPONENTS
💼 CM-8 (6) ASSESSED CONFIGURATIONS _ APPROVED DEVIATIONS
💼 CM-8 (7) CENTRALIZED REPOSITORY
💼 CM-8 (8) AUTOMATED LOCATION TRACKING
💼 CM-8 (9) ASSIGNMENT OF COMPONENTS TO SYSTEMS

Policies (2)

PolicyLogic CountFlags
📝 AWS EC2 Security Group allows public IPv4 (0.0.0.0/0) access to admin ports 🟢1🟢 x6
📝 AWS EC2 Security Group allows public IPv6 (::/0) access to admin ports 🟢1🟢 x6

Internal Rules

RulePoliciesFlags
✉️ dec-x-bcae85fb2