Description
Develop and update [Assignment: organization-defined frequency] an inventory of organizational systems.
Supplemental Guidance
OMB provides guidance on developing systems inventories and associated reporting requirements. System inventory refers to an organization-wide inventory of systems, not system components as described in CM-08.
Changes from Rev 4
Title changed from 'Information System Inventory' to 'System Inventory'. Simplified description.
Compliance Mappings
ISO 27001:2022
A.5.9
ISO 27002:2022
5.9
COBIT 2019
BAI09
CIS Controls v8
CIS 1CIS 15.1CIS 3.2CIS 6.6
NIST CSF 2.0
ID.AM-01ID.AM-02ID.AM-04
CSA CCM v4
DSP-03DSP-06
CSA AICM v1
DSP-03DSP-06
FINOS CCC
CCC-C06
NIS2 Directive
Art. 21(2)(i)
PRA Operational Resilience
SS2/21-13.1
APRA CPS 234
Para 21
BIO2
5.9
RBI CSF
Annex1.1ITGRCA.9
FISC Security Guidelines
FISC.O1
LGPD + BCB 4893
BCB.Art.20
MLPS 2.0
8.1.10.1
DNB Good Practice
DNB.19.3DNB.5.2DNB.6.1
EU CRA
CRA.II.1CRA.Info.7
SAMA CSF
2.1
NCA ECC
2-1
UAE IA
T4
Qatar NIA
AMGV
CBE CSF
CRM-2
SA JS2
JS2-6.1
CBN CSF
Part3.1
BoG CISD
CISD-V
BoM CTRM
2.1
BCBS 239
Principle 4Principle 8
CPMI-IOSCO PFMI
CG.IDPFMI.P3
FFIEC IS
II.C.1II.C.13(e)II.C.5
NYDFS 500
500.13500.3
ECB CROE
CROE.2.2.1CROE.2.2.2
EBA ICT Guidelines
3.3.23.5(a)
SEBI CSCRF
ID.AM
DOE C2M2 v2.1
ASSET
AWIA
AWWA Sec 2
ISAE 3402
Clause 1Clause 9
NAIC Insurance Data Security
34-asset
PRA SS1/23
P1.1
HITRUST CSF v11
00.a00.c04.b07.a
ISO 27799
8.1
NHS DSPT
NDG-5.3NDG-8.1NDG-8.3
CCSS v9.0
1.02.3