Asset Management (ID.AM)


The data, personnel, devices, systems, and facilities that enable the organization to achieve business purposes are identified and managed consistent with their relative importance to organizational objectives and the organization’s risk strategy.

  • ID.AM-1: Physical devices and systems within the organization are inventoried
  • ID.AM-2: Software platforms and applications within the organization are inventoried
  • ID.AM-3: Organizational communication and data flows are mapped
  • ID.AM-4: External information systems are catalogued
  • ID.AM-5: Resources (e.g., hardware, devices, data, time, personnel, and software) are prioritized based on their classification, criticality, and business value
  • ID.AM-6: Cybersecurity roles and responsibilities for the entire workforce and third-party stakeholders (e.g., suppliers, customers, partners) are established


We need
  • Asset ID
  • Name
  • Location
  • IP <= IPAM
  • FQDN => DNS
  • MAC => DHCP
  • Group
  • Asset responsibility (role) =>