The information asset inventory includes attributes that support cybersecurity activities (for example, asset category, backup locations and frequencies, storage locations, asset owner, cybersecurity requirements)
Context and Guidance: Information asset inventory attributes are details about assets that are included in asset inventories to enable management and consistent use of the assets. Including necessary information about assets to support the cybersecurity program strategy helps ensure that that information is available during periods of operational stress and does not have to be collected while in a state of crisis. For example, response to and recovery from a cybersecurity incident may be expedited if the information asset inventory provides the location of backups for information assets that are important to the delivery of the function (e.g., SCADA set points).Additionally, organisations should consider the different kinds of assets that may be within the scope of the evaluation, such as virtualised assets, regulated assets, cloud assets, and mobile assets.
Related Practices • Input From: Implementing ASSET-2a provides input that may be useful for implementing this practice.