The IT and OT inventory includes attributes that support cybersecurity activities (for example, location, asset priority, asset owner, operating system, and firmware versions)
Context and Guidance: Inventory attributes are details about assets that are included in asset inventories to enable management and consistent use of the assets. Including necessary information about assets to support cybersecurity program activities helps ensure that that information is available during periods of operational stress and does not have to be collected while in a state of crisis. For example, incident responders will be able to easily identify the priority, criticality, and location of machines that are affected by a bricking event and have to be replaced. Also, inventory attributes can be used to indicate aspects of assets that may require special attention or treatment, such as systems that use artificial intelligence or machine learning. Examples of potential inventory attributes include physical locations, network locations, importance to delivery of the function, impact if breached, end of life dates, end of support dates, operating system, firmware, versions.
Related Practices • Input From: Implementing ASSET-1a and ASSET-1b provides input that may be useful for implementing this practice.