Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

NIST IR 8011 Vol. 2

Automation Support for Security Control Assessments: Volume 2: Hardware Asset Management

Date Published: June 2017

Planning Note (02/22/2023):

The NIST Risk Management Framework (RMF) team seeks feedback on our NIST IR 8011 series publications and their use.

See the Call for Feedback to learn more details about what we would like to know. Feedback can be sent to; there is no closing date.


Kelley Dempsey (NIST), Paul Eavy (DHS), George Moore (APL)



assessment; assessment boundary; assessment method; authorization boundary; automated assessment; automation; capability; continuous diagnostics and mitigation; dashboard; defect; defect check; desired state specification; hardware asset management; information security continuous monitoring; inventory management; mitigation; ongoing assessment; root cause analysis; security automation; security capability; security control; security control assessment; actual state; security control item
Control Families

Audit and Accountability; Assessment, Authorization and Monitoring; Risk Assessment


Download URL

Supplemental Material:
None available

Publication Volumes:
IR 8011 Vol. 1
IR 8011 Vol. 3
IR 8011 Vol. 4

Related NIST Publications:
SP 800-53A Rev. 4
SP 800-53 Rev. 4

Document History:
02/02/16: IR 8011 Vol. 2 (Draft)
06/06/17: IR 8011 Vol. 2 (Final)


Security and Privacy

asset management, continuous monitoring, security automation, security controls



Laws and Regulations

laws, OMB Circular A-130