CM-8: System Component Inventory
NIST Baseline: Low
DIR Required By: 07/20/2023
Review Date: 06/26/2024
- Information resource custodians must develop, document, and maintain a current inventory of the components of the information system and relevant ownership information that:
- Accurately reflects the current information system;
- Includes all components within the authorization boundary of the information system;
- Is at the level of granularity deemed necessary for tracking and reporting; and
- Includes information deemed necessary to achieve effective information system component accountability; and
- Review and update the information system component inventory annually.
Note: Additional inventory requirements are documented in Control PM-5, System Inventory. Component inventories are included in the system security plans documented in Control PL-2, System Security and Privacy Plans, and the annual report on the information security program documented in Control PL-1, Security Planning Policy and Procedures.