Skip to main content
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

NIST NCCOE Release Cybersecurity Practice Guide, SP 1800-5, IT Asset Management: Financial Services

NIST NCCOE Releases Cybersecurity Practice Guide, SP 1800-5, IT Asset Management: Financial Services.

What's the guide about?

Financial institutions deploy a wide array of information technology devices, systems, and applications across a wide geographic area. While these physical assets can be labeled and tracked using bar codes and databases, understanding and controlling the cybersecurity resilience of those systems and applications is a much larger challenge. Not being able to track the location and configuration of networked devices and software can leave an organization vulnerable to security threats. Additionally, many financial services organizations include subsidiaries, branches, third-party partners, and contractors as well as temporary workers and guests; tracking and managing hardware and software across these groups adds another layer of complexity.

To address this cybersecurity challenge, NIST's National Cybersecurity Center of Excellence (NCCoE) security engineers developed an example solution that allows an organization to centrally monitor and gain deeper insight into their entire IT asset portfolio with an automated platform. Using open source and commercially available technologies, this example solution addresses questions such as "What operating systems are our laptops running?" and "Which devices are vulnerable to the latest threat?"

The example solution gives companies the ability to track, manage, and report on information assets throughout their entire life cycle. This can ultimately increase cybersecurity resilience by enhancing the visibility of assets, identifying vulnerable assets, enabling faster response to security alerts, revealing which applications are actually being used, and reducing help desk response times.

The final practice guide, which incorporates comments from the public and other stakeholders, is available for download in PDF or web viewing.

Released September 10, 2018