1: Inventory and Control of Hardware Assets

PF v1.0 References:

Threats Addressed:

Control Statement

Actively manage (inventory, track, and correct) all hardware devices on the network so that only authorized devices are given access, and unauthorized and unmanaged devices are found and prevented from gaining access.

[csf.tools Note: For more information on the Critical Security Controls, visit the Center for Internet Security.]


1.2: Use a Passive Asset Discovery Tool

Utilize a passive discovery tool to identify devices connected to the organization's network and automatically update the organization's hardware asset inventory.

1.4: Maintain Detailed Asset Inventory

Maintain an accurate and up-to-date inventory of all technology assets with the potential to store or process information. This inventory shall include all hardware assets, whether connected to the organization's network or not.

1.5: Maintain Asset Inventory Information

Ensure that the hardware asset inventory records the network address, hardware address, machine name, data asset owner, and department for each asset and whether the hardware asset has been approved to connect to the network.

1.6: Address Unauthorized Assets

Ensure that unauthorized assets are either removed from the network, quarantined, or the inventory is updated in a timely manner.

1.7: Deploy Port Level Access Control

Utilize port level access control, following 802.1x standards, to control which devices can authenticate to the network. The authentication system shall be tied into the hardware asset inventory data to ensure only authorized devices can connect to the network.