myctrl.tools
Compare

PM-5System Inventory

>Control Description

Develop and update organization-defined frequency an inventory of organizational systems.

>Control Enhancements(1)

PM-5(1)

>Cross-Framework Mappings

SCF

AST-01
Compare
AST-02
Compare

>Supplemental Guidance

OMB A-130 provides guidance on developing systems inventories and associated reporting requirements. System inventory refers to an organization-wide inventory of systems, not system components as described in CM-8.

>Assessment Interview Topics

Questions assessors commonly ask

Process & Governance:

  • What is the process for managing the system inventory across the organization?
  • How does the organization ensure the system inventory is complete, accurate, and current?
  • Who is responsible for maintaining and updating the system inventory?
  • How frequently is the system inventory reviewed and validated?
  • What governance exists for reconciling the system inventory with asset management and configuration management records?

Technical Implementation:

  • What systems maintain the authoritative system inventory?
  • How is system inventory data collected, validated, and updated?
  • What integration exists between system inventory and asset management or CMDB?
  • How are system boundaries and interconnections documented in the inventory?
  • What automation supports system inventory discovery and validation?

Evidence & Documentation:

  • Provide the current organizational system inventory.
  • Provide evidence of system inventory validation and updates.
  • Provide documentation of inventory reconciliation with asset management.
  • Provide records showing inventory accuracy checks.
  • Provide evidence of new system registration and decommissioned system removal.

Ask AI

Configure your API key to use AI features.