AST-02—Asset Inventories

Weight: 10

>Control Description

Mechanisms exist to perform inventories of Technology Assets, Applications, Services and/or Data (TAASD) that: (1) Accurately reflects the current TAASD in use; (2) Identifies authorized software products, including business justification details; (3) Is at the level of granularity deemed necessary for tracking and reporting; (4) Includes organization-defined information deemed necessary to achieve effective property accountability; and (5) Is available for review and audit by designated organizational personnel.

>Control Description

>Cross-Framework Mappings

NIST SP 800-53 r5

NIST CSF 2.0

PCI DSS v4.0.1

CIS Controls v8

SOC 2 TSC

CMMC v2.0

NIST SP 800-171

FedRAMP Rev 5

NIST AI RMF

Canada ITSP 10.171

OSFI B-13

Australia Essential Eight

Australia ISM

India SEBI Guidelines

New Zealand HISF

EU DORA

Saudi Arabia IoT Guidelines

UAE NIAF

UK CAF

UK DEF STAN 05-138

SOC 2 TSC (Detailed)

CIS Controls v8.1 (Detailed)

GovRAMP

IMO Maritime Cyber Risk

ISO 27002:2022

NIST SP 800-161

NIST SP 800-171 Rev 3

NIST SP 800-171A Rev 3

NIST SP 800-171A

NIST SP 800-172

NIST SP 800-207 Zero Trust

NIST AI 600-1

Data Privacy Management Principles

DHS TIC 3.0

CISA CPG

DoD Zero Trust Roadmap

HIPAA Simplification 2013

NERC CIP

NY DFS 23 NYCRR 500

Ask AI