Inventories of hardware assets are maintained
You cannot protect assets you do not know exist. A complete, current inventory of every device (laptops, servers, phones, network gear) is the foundation that every other security control depends on. Without it, you cannot enforce patch management, detect unauthorized devices, or scope your audit accurately.
Implementation steps
- 1
Choose an inventory method
For teams under 20 devices, a shared spreadsheet works. For larger teams, use automated discovery via an MDM or network scanner so the list stays current without manual effort.
jamfkandjimicrosoft-intunenmaplansweeper - 2
Record required fields for each device
At minimum capture: device name, owner, asset type (laptop/server/mobile), OS and version, serial number, purchase date, and physical or remote location.
- 3
Mark the review date and assign an owner
The inventory is only useful if it stays accurate. Set a monthly calendar event and assign one named person responsible for reconciling new devices and removing departed employees' assets.
Evidence required
Asset inventory document or MDM export
A spreadsheet, MDM report, or system export listing all managed devices with required fields populated.
- · Jamf Pro device inventory CSV export
- · Microsoft Intune managed devices list
- · Google Sheet with device list, owners, and serial numbers
Proof of recent review
Evidence that the inventory was reviewed and reconciled within the last 30 days.
- · Last-modified timestamp on the spreadsheet
- · MDM last-sync timestamp
- · Calendar invite or ticket showing the monthly review
Related controls
Inventories of software assets are maintained
Asset Management
Authorized network communication and data flow representations are maintained
Asset Management
Inventories of services provided by suppliers are maintained
Asset Management
Assets are prioritized based on classification, criticality, and mission impact
Asset Management