Requirement:
The cybersecurity requirements for managing information and technology assets must be implemented.
Control Implementation Guidelines:
- All cybersecurity requirements to manage information and technology assets of the organization, which may include the following
- Approved cybersecurity requirements for the management of information and technology assets in the organization must be implemented, including but not limited to, classifying all information and technology assets of the organization, documenting and approving them in an approved and official document (e.g., a documented record for the management of the organization's information and technology assets), as well as encoding all information and technology assets of the organization based on the approved classification of the organization's information and technology assets
- Specific procedures for dealing with assets based on their classification and in accordance with the relevant laws and regulations must be established
Expected Deliverables:
- Documents that confirm the implementation of cybersecurity requirements related to information and technology asset management as documented in the policy
- An action plan to implement the cybersecurity requirements of information and technology assets management
- A documented and up-to-date record of all information and technology assets (e.g., Excel spreadsheet or displayed through automated means using solutions such as CMDB) must be provided
- Specific procedures for dealing with assets based on their classification and in accordance with the relevant laws and regulations
Quick & Simple
Discover Our Cybersecurity Compliance Solutions:
Whether you need to meet and maintain your compliance requirements, help your clients meet them, or verify supplier compliance we have the expertise and solution for you
CMMC Level 1 Compliance
Become compliant, provide compliance services, or verify partner compliance with CMMC Level 1 Basic Safeguarding of Covered Contractor Information Systems requirements.
NIST SP 800-171 & CMMC Level 2 Compliance
Become compliant, provide compliance services, or verify partner compliance with NIST SP 800-171 and CMMC Level 2 requirements.
HIPAA Compliance
Become compliant, provide compliance services, or verify partner compliance with HIPAA security rule requirements.
ISO 27001 Compliance
Become compliant, provide compliance services, or verify partner compliance with ISO 27001 requirements.
FAR 52.204-21 Compliance
Become compliant, provide compliance services, or verify partner compliance with FAR 52.204-21 Basic Safeguarding of Covered Contractor Information Systems requirements.