Asset Management
Asset management involves obtaining and continually updating an accurate inventory of all IT assets, discovering security gaps related to the asset's presence or configuration, and enforcing security requirements to rapidly address the identified gaps. It is important to maintain up to date inventory and asset controls to ensure that equipment locations and dispositions are understood. Lost or stolen equipment can contain sensitive data. Proper asset management procedures and protocols provide documentation that aids in recovery, replacement, criminal, and insurance activities.
| Category | Sub-Category | Name | Activity |
|---|---|---|---|---|
Asset Management | Device and | Inventory Management | [The organization] maintains an inventory of system devices, which is reconciled [in accordance with the organization-defined frequency]. | |
Asset Management | Device and Media Inventory | Inventory Management: Payment Card Systems | [The organization's] asset inventory includes in-scope cardholder related systems, devices, and media. | |
Asset Management | Device and Media | Inventory Labels | [The organization's] assets are labelled and have designated owners. | |
Asset Management | Device and Media | Asset Transportation | [The organization] authorizes and records the entry and exit of systems at datacenter locations. | |
Asset Management | Device and Media Transportation | Asset Transportation Documentation | [The organization] documents the transportation of physical media outside of datacenters. | |
Asset Management | Device and Media Transportation | Use of Portable Media | The use of portable media in [the organization] datacenters is prohibited unless explicitly authorized by management. | |
Asset Management | Component Installation and Maintenance | Maintenance of Assets | Equipment maintenance is documented and approved according to management requirements. | |
Asset Management | Component Installation and Maintenance | Tampering of Payment Card Capture Devices | Devices that physically capture payment card data are inspected for evidence of tampering [in accordance with the organization-defined frequency]. |