Automation Support for Security Control Assessments: Volume 2: Hardware Asset Management

Dempsey, Kelley; Eavy, Paul; Moore, George

doi:https://doi.org/10.6028/NIST.IR.8011-2

NISTIR 8011 Vol. 2

Automation Support for Security Control Assessments: Volume 2: Hardware Asset Management

Documentation Topics

Date Published: June 2017

Planning Note (2/22/2023):

The NIST Risk Management Framework (RMF) team seeks feedback on our NIST IR 8011 series publications and their use.

See the Call for Feedback to learn more details about what we would like to know. Feedback can be sent to 8011comments@list.nist.gov; there is no closing date.

Author(s)

Kelley Dempsey (NIST), Paul Eavy (DHS), George Moore (APL)

Abstract

The NISTIR 8011 volumes focus on each individual information security capability, adding tangible detail to the more general overview given in NISTIR 8011 Volume 1, and providing a template for transition to a detailed, NIST standards-compliant automated assessment. This document, Volume 2 of NISTIR 8011, addresses the Hardware Asset Management (HWAM) information security capability. The focus of the HWAM capability is to manage risk created by unmanaged and/or unauthorized devices on a network. Unmanaged devices are targets that attackers can use to gain and more easily maintain a persistent platform from which to attack the rest of the network.

Keywords

assessment; assessment boundary; assessment method; authorization boundary; automated assessment; automation; capability; continuous diagnostics and mitigation; dashboard; defect; defect check; desired state specification; hardware asset management; information security continuous monitoring; inventory management; mitigation; ongoing assessment; root cause analysis; security automation; security capability; security control; security control assessment; actual state; security control item

Control Families

Audit and Accountability; Assessment, Authorization and Monitoring; Risk Assessment

Documentation

Publication:
NISTIR 8011 Vol. 2 (DOI)
Local Download

Supplemental Material:
None available

Other Parts of this Publication:
NISTIR 8011 Vol. 1
NISTIR 8011 Vol. 3
NISTIR 8011 Vol. 4

Related NIST Publications:
SP 800-53A Rev. 4
SP 800-53 Rev. 4

Document History:
02/02/16: NISTIR 8011 Vol. 2 (Draft)
06/06/17: NISTIR 8011 Vol. 2 (Final)

Topics

Security and Privacy
asset management; continuous monitoring; security automation; security controls

Technologies
hardware

Laws and Regulations
laws; OMB Circular A-130