Changes to assets are evaluated and approved before being implemented, at least in an ad hoc manner
Context and Guidance: All proposed changes to inventoried assets are evaluated to understand their priority, benefits, risks, and impacts to functionality and security on the functions they support. Consider that these may differ across different kinds of IT, OT and information assets, such as virtualised assets, regulated assets, assets managed by a third party, bring your own device (BYOD) assets, cloud assets, mobile assets, field assets, assets reliant on specific infrastructure such as wireless networks or the Global Position System, and assets that may be considered to be part of the Internet of Things or Industrial Internet of Things.
Related Practices • Progression: This practice is part of a practice progression. Practice progressions are groups of related practices that represent increasingly complete or more advanced implementations of an activity. The practices in this progression include: ASSET-4a, ASSET-4d, ASSET-4e, ASSET-4f, ASSET-4h.