AST-01 - Asset Governance

Mechanisms exist to facilitate an IT Asset Management (ITAM) program to implement and manage asset management controls.

AST-01.1 - Asset-Service Dependencies

Mechanisms exist to identify and assess the security of technology assets that support more than one critical business function.

AST-01.2 - Stakeholder Identification & involvement

Mechanisms exist to identify and involve pertinent stakeholders of critical systems, applications and services to support the ongoing secure management of those assets.

AST-01.3 - Standardized Naming Convention

Mechanisms exist to implement a scalable, standardized naming convention for systems, applications and services that avoids asset naming conflicts.

AST-02 - Asset Inventories

Mechanisms exist to perform inventories of technology assets that: ▪ Accurately reflects the current systems, applications and services in use; ▪ Identifies authorized software products, including business justification details; ▪ Is at the level of granularity deemed necessary for tracking and reporting; ▪ Includes organization-defined information deemed necessary to achieve effective property accountability; and ▪ Is available for review and audit by designated organizational personnel.

AST-02.1 - Updates During Installations / Removals

Mechanisms exist to update asset inventories as part of component installations, removals and asset upgrades.