Security Requirements for 03.04.10 System Component Inventory

System components are discrete, identifiable assets (i.e., hardware, software, and firmware elements) that compose a system. Organizations may implement centralized system component inventories that include components from all systems. In such situations, organizations ensure that the inventories include the system-specific information required for component accountability. The information necessary for effective accountability of system components includes the system name, software owners, software version numbers, software license information, hardware inventory specifications, and — for networked components — the machine names and network addresses for all implemented protocols (e.g., IPv4, IPv6). Inventory specifications include component type, physical location, date of receipt, manufacturer, cost, model, serial number, and supplier information.

View CPRT 03.04.10

  1. 03.04.10.a

    Develop and document an inventory of system components.

  1. 03.04.10.b

    Review and update the system component inventory [Assignment: organization-defined frequency].

  1. 03.04.10.c

    Update the system component inventory as part of installations, removals, and system updates.