12.1: Maintain an Inventory of Network Boundaries
Maintain an up-to-date inventory of all of the organization’s network boundaries.
Asset Type |
Security Function |
Implementation Groups |
|---|---|---|
Network |
Identify |
1, 2, 3 |
Dependencies
Sub-control 1.4: Maintain Detailed Asset Inventory
Sub-control 1.5: Maintain Asset Inventory Information
Inputs
An inventory of expected boundary devices (M1) as derived from the endpoint inventory (see sub-control 1.4)
Operations
Utilize a discovery tool or process to examine the network topology to collect the list of devices considered boundary devices (M2).
Evaluate the complement of Input 1 and Operation 1 to get the list of non-inventoried boundary devices (M3).
Measures
M1 = List of expected network boundary devices
M2 = Count of M1
M3 = List of discovered network boundary devices
M4 = Count of M3
M5 = List of non-inventoried boundary devices
M6 = Count of M5
Metrics
Coverage
Metric |
What is the ratio of non-inventoried boundary devices to expected boundary devices?
If the calculated value is greater than zero, the inventory is not current.
|
Calculation |
|