CM-08 Information System Component Inventory
Configuration Management
Description
The organization develops, documents, and maintains a current inventory of the components of the information system and relevant ownership information.\n
Supplemental Guidance
The organization determines the appropriate level of granularity for the information system components included in the inventory that are subject to management control (i.e., tracking, and reporting). The inventory of information system components includes any information determined to be necessary by the organization to achieve effective property accountability (e.g., manufacturer, model number, serial number, software license information, system/component owner). The component inventory is consistent with the accreditation boundary of the information system. Related security controls: CM-2, CM-6.\n
Changes from Rev 4
Adds 'Does not include duplicate accounting of components or components assigned to any other system' Discussion of accountability expanded Incorporates withdrawn control CM-8(5)
Enhancements
\n