CMMC Practice AM.4.226

Employ a capability to discover and identify systems with specific component attributes (e.g., firmware level, OS type) within your inventory.


CMMC Version 1.02, pg. 84

Bold Coast Security Guidance

A full inventory of all organizational systems is handy for a variety of reasons! From identifying any systems requiring updates, to checking for new devices on your network, its a necessary tool. You should also use the inventory to cross-check your patch and anti-malware installations for missing hosts. Create a policy addressing the need to have this inventory, and what information you will collect. Your plan for maturity level 2 should note how and where you are capturing that information, along with the responsible parties. Your inventory cross-check with other systems, along with a manual audit of systems, will help you measure the effectiveness of your inventory system for maturity level 4.

Discussion From Source

Organizations employ systems that can assess assets connected to the network in real time, or can create an inventory identifying system -specific information required for component accountability and to provide support to identify, control, monitor, and verify configuration items in accordance with the authoritative source. For user computing systems this should include: firmware level, OS type, drive type, network and wireless card vendors, monitor card type and vendor, and software applications installed on that system.