NIST Cybersecurity Framework - ID.AM-1 and IEEE 802.1X

NIST Cybersecurity Framework - ID.AM-1 and IEEE 802.1X

March 16, 2017

 Cybersecurity Framework of the National Institute of Standards and Technology provides best practices which are widely followed by security professionals.      The first principle listed in the Framework Core, is ID.AM-1,  "Physical devices and systems within the organization are inventoried".   This is analogous to CSC-1 of the Center for Internet Security's Critical Security Controls,  entitled, "Inventory of Authorized and Unauthorized Devices".   CSC-1 is specifically used as an informative  reference for NIST's ID.AM1.

 

If a company uses IEEE 802.1X as a standard for network access control, it must have such an inventory so it can distinguish between authorized and unauthorized devices.     Naturally this type of inventory is a great resource when performing electronic discovery.    CSC 1.4  states that, "Maintain an asset inventory of all systems connected to the network and the network devices themselves, recording at least the network addresses, machine name(s), purpose of each system, an asset owner responsible for each device, and the department associated with each device."   You can easily collect the hardware for agreed upon custodians with such an inventory.  

 

 

Please reload

Some elements on this page did not load. Refresh your site & try again.

Contact Me With Your Litigation Support Questions:

seankevinoshea@hotmail.com

  • Twitter Long Shadow

© 2015 by Sean O'Shea . Proudly created with Wix.com