Just as DISA has sent out RFI on ITAM solutions NIST & NCCOE issues a comprehensive special publication on guidance for ITAM solutions for use in both private and public sector.
The publication – special publication 1800 – has been developed with assistance from a wide range of organizations – private and public and covers espcially cybersecurity aspects of IT Asset control. And while many ITAM initiatives origins from license compliance or license optimization objectives this publication is highly focused on the security aspects of IT Asset Management which, from a RISK perspective, can have significantly higher impact to an organization.
Companies in the financial services sector can use this NIST Cybersecurity Practice Guide to more securely and efficiently monitor and manage their organization’s many information technology (IT) assets. IT asset management (ITAM) is foundational to an effective cybersecurity strategy and is prominently featured in the SANS Critical Security Controls and NIST Framework for Improving Critical Infrastructure Cybersecurity
The NIST Cybersecurity Practice Guides (Special Publication Series 1800) target specific cybersecurity challenges in the public and private sectors. They are practical, userfriendly guides that facilitate the adoption of standards-based approaches to cybersecurity. They show members of the information security community how to implement example solutions that help them align more easily with relevant standards and best practices,and provide users with the ma terials lists, configuration files, and other information they need to implement a similar approach. The documents in this series describe example implementations of cybersecurity practices that businesses and other organizations may voluntarily adopt. These documents do not describe regulations or mandatory practices, nor do they carry statutory authority.
From the abstract:
While a physical asset management system can tell you the location of a computer, it cannot answer questions like,“What operating systems are our laptops running?” and “Which devices are vulnerable to the latest threat?” An effective IT asset management (ITAM) solution can tie together physical and virtual assets and provide management with a complete picture of what, where, and how assets are being used.
ITAM enhances visibility for security analysts, which leads to better asset utilization and security.