top of page

NIST Cybersecurity Framework - ID.AM-1 and IEEE 802.1X

Cybersecurity Framework of the National Institute of Standards and Technology provides best practices which are widely followed by security professionals. The first principle listed in the Framework Core, is ID.AM-1, "Physical devices and systems within the organization are inventoried". This is analogous to CSC-1 of the Center for Internet Security's Critical Security Controls, entitled, "Inventory of Authorized and Unauthorized Devices". CSC-1 is specifically used as an informative reference for NIST's ID.AM1.

If a company uses IEEE 802.1X as a standard for network access control, it must have such an inventory so it can distinguish between authorized and unauthorized devices. Naturally this type of inventory is a great resource when performing electronic discovery. CSC 1.4 states that, "Maintain an asset inventory of all systems connected to the network and the network devices themselves, recording at least the network addresses, machine name(s), purpose of each system, an asset owner responsible for each device, and the department associated with each device." You can easily collect the hardware for agreed upon custodians with such an inventory.

bottom of page