AST — Asset Management
62 controls in the Asset Management domain
AST-01Asset Governance
AST-01.1Asset-Service Dependencies
AST-01.2Stakeholder Identification & Involvement
AST-01.3Standardized Naming Convention
AST-01.4Approved Technologies
AST-02Asset Inventories
AST-02.1Updates During Installations / Removals
AST-02.2Automated Unauthorized Component Detection
AST-02.3Component Duplication Avoidance
AST-02.4Approved Baseline Deviations
AST-02.5Network Access Control (NAC)
AST-02.6Dynamic Host Configuration Protocol (DHCP) Server Logging
AST-02.7Software Licensing Restrictions
AST-02.8Data Action Mapping
AST-02.9Configuration Management Database (CMDB)
AST-02.10Automated Location
Tracking
AST-02.11Component Assignment
AST-03Asset Ownership Assignment
AST-03.1Accountability Information
AST-03.2Provenance
AST-04Network Diagrams & Data Flow Diagrams (DFDs)
AST-04.1Asset Scope Classification
AST-04.2Control Applicability Boundary Graphical Representation
AST-04.3Compliance-Specific Asset Identification
AST-05Security of Assets & Media
AST-05.1Management Approval For External Media Transfer
AST-06Unattended End-User Equipment
AST-06.1Asset Storage In Automobiles
AST-07Kiosks & Point of Interaction (PoI) Devices
AST-08Physical Tampering Detection
AST-09Secure Disposal, Destruction or Re-Use of Equipment
AST-10Return of Assets
AST-11Removal of Assets
AST-12Use of Personal Devices
AST-13Use of Third-Party Devices
AST-14Usage Parameters
AST-14.1Bluetooth & Wireless Devices
AST-14.2Infrared Communications
AST-15Logical Tampering Protection
AST-15.1Technology Asset Inspections
AST-16Bring Your Own Device (BYOD) Usage
AST-17Prohibited Equipment & Services
AST-18Roots of Trust Protection
AST-19Telecommunications Equipment
AST-20Video Teleconference (VTC) Security
AST-21Voice Over Internet Protocol (VoIP) Security
AST-22Microphones & Web Cameras
AST-23Multi-Function Devices (MFD)
AST-24Travel-Only Devices
AST-25Re-Imaging Devices After Travel
AST-26System Administrative Processes
AST-27Jump Server
AST-28Database Administrative Processes
AST-28.1Database Management System (DBMS)
AST-29Radio Frequency Identification (RFID) Security
AST-29.1Contactless Access Control Systems
AST-30Decommissioning
AST-31Asset Categorization
AST-31.1Categorize Artificial Intelligence (AI)-Related Technologies
AST-31.2High-Risk Asset Categorization
AST-31.3Asset Attributes
AST-32Automated Network Asset Discovery