CISOBot - Your AI CISO Assistant

AST-02

Asset Inventories

Weight: 10/10

Description

Mechanisms exist to perform inventories of Technology Assets, Applications, Services and/or Data (TAASD) that: (1) Accurately reflects the current TAASD in use; (2) Identifies authorized software products, including business justification details; (3) Is at the level of granularity deemed necessary for tracking and reporting; (4) Includes organization-defined information deemed necessary to achieve effective property accountability; and (5) Is available for review and audit by designated organizational personnel.

Control Question

Does the organization perform inventories of Technology Assets, Applications, Services and/or Data (TAASD) that: (1) Accurately reflects the current TAASD in use; (2) Identifies authorized software products, including business justification details; (3) Is at the level of granularity deemed necessary for tracking and reporting; (4) Includes organization-defined information deemed necessary to achieve effective property accountability; and (5) Is available for review and audit by designated organizational personnel?

Control Metadata

Domain:

Asset Management

Validation Cadence:

Annual

Evidence Request List:

E-AST-04 E-AST-05 E-AST-07

Framework Mappings

This control maps to the following compliance frameworks

MAS TRM

3.3.1(a)3.3.2

HKIA GL20

2.12.22.3

Have questions about this control?

Ask CISOBot for implementation guidance and best practices