Asset Management Policy

SEC-04 was 141.10 (8.2)


Changes were made based on workgroup and community feedback to improve clarity for agency adoption and accountability. Updates to this policy draw from NIST 800-53 Security and Privacy Controls for Information Systems and Organizations. The business case for this policy is that a centralized inventory of hardware and software assets enables agencies to make sound business, technical, and legal decisions. This policy also helps agencies ensure only appropriate hardware is connected to the agency's network to allow for quick recognition of unauthorized devices.

Cover Sheet