Skip to main content
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Automation Support for Security Control Assessments, Volume 2: Hardware Asset Management

Published

Author(s)

Kelley L. Dempsey, Paul Eavy, George Moore

Abstract

The NISTIR 8011 volumes focus on each individual information security capability, adding tangible detail to the more general overview given in NISTIR 8011 Volume 1, and providing a template for transition to a detailed, NIST standards-compliant automated assessment. This document, Volume 2 of NISTIR 8011, addresses the Hardware Asset Management (HWAM) information security capability. The focus of the HWAM capability is to manage risk created by unmanaged devices on a network. Unmanaged devices are targets that attackers can use to gain and more easily maintain a persistent platform from which to attack the rest of the network.
Citation
NIST Interagency/Internal Report (NISTIR) - 8011, Volume 2
Report Number
8011, Volume 2

Keywords

actual state, assessment, assessment boundary, assessment method, authorization boundary, automated assessment, automation, capability, continuous diagnostics and mitigation, dashboard, defect, defect check, desired state specification, hardware asset management, information security continuous monitoring, inventory management, mitigation, ongoing assessment, root cause analysis, security automation, security capability, security control, security control assessment, security control item

Citation

Dempsey, K. , Eavy, P. and Moore, G. (2017), Automation Support for Security Control Assessments, Volume 2: Hardware Asset Management, NIST Interagency/Internal Report (NISTIR), National Institute of Standards and Technology, Gaithersburg, MD, [online], https://doi.org/10.6028/NIST.IR.8011-2 (Accessed February 26, 2024)
Created June 6, 2017, Updated November 10, 2018