The NIST Cybersecurity IT Asset Management Practice Guide is a proof-of-concept solution demonstrating commercially available technologies that can be implemented to track the location and configuration of networked devices and software across an enterprise. Our example solution spans traditional physical asset tracking, IT asset information, physical security, and vulnerability and compliance information. Users can now query one system and gain insight into their entire IT asset portfolio.
This guide:
-
maps security characteristics to guidance and best practices from NIST and other standards organizations, including the PCI DSS
-
provides:
- a detailed example solution with capabilities that address security controls
- instructions for implementers and security engineers, including examples of all the necessary components for installation, configuration, and integration
-
is modular and uses products that are readily available and interoperable with your existing IT infrastructure and investments
While the NCCoE used a suite of commercial products to address this challenge, this guide does not endorse these particular products, nor does it guarantee compliance with any regulatory initiatives. Your organization’s information security experts should identify the products that will best integrate with your existing tools and IT system infrastructure. Your organization can adopt this solution or one that adheres to these guidelines in whole, or you can use this guide as a starting point for tailoring and implementing parts of a solution.
