Asset Management
Identify and manage hardware, software, data, and systems.
9 of 9 frameworks cover this control
Framework Mappings
How Asset Management maps to each of the 6 cybersecurity frameworks tracked by ControlMap.
| Framework | Status | Control IDs |
|---|---|---|
| NIST CSF 2.0 | Covered | ID.AM-01 ID.AM-02 |
| ISO 27001 | Covered | A.5.9 A.8.1 |
| CIS v8 | Covered | CIS 1.1 CIS 2.1 |
| SOC 2 | Covered | CC6.1 |
| PCI DSS | Covered | 2.4 9.9.1 12.5.1 |
| CMMC | Covered | CM.L2-3.4.1 CM.L2-3.4.2 |
| 800-53 | Covered | CM-8 CM-9 PM-5 |
| HIPAA | Covered | §164.310(d)(1) §164.310(d)(2)(iii) |
| GDPR | Covered | Art.30(1) |
About Asset Management
Asset Management is a cybersecurity control in the Identify domain. Identify and manage hardware, software, data, and systems. Comprehensive asset management provides the visibility needed to protect what you own by maintaining accurate inventories of hardware devices, software applications, data stores, and cloud services. Without a complete asset inventory, organizations cannot effectively apply security controls, detect unauthorized devices, or ensure patch coverage. Implementation typically involves automated discovery tools, configuration management databases (CMDBs), and processes to track asset lifecycle from procurement through decommissioning.
This control is recognized by 9 of the 6 major frameworks: NIST CSF 2.0, ISO 27001, CIS v8, SOC 2, PCI DSS, CMMC, 800-53, HIPAA, GDPR. It has full coverage across all ${FW_KEYS.length} frameworks.