CSC 1.5: Useful Information

Ensure that the hardware asset inventory records the network address, hardware address, machine name, data asset owner, and department for each asset and whether the hardware asset has been approved to connect to the network. Ensure that the hardware asset inventory records the network address, hardware address, machine name, data asset owner, and department for each asset and whether the hardware asset has been approved to connect to the network.

 

CSC 1.4: the Mission

Maintain an accurate and up-to-date inventory of all technology assets with the potential to store or process information. This inventory shall include all hardware assets, whether connected to the organization's network or not.

CSC 1.4 contains the core mission of CSC 1: have an accurate Inventory of IT Stuff.  The other CSC 1 controls are just supporting ways that help deliver that core mission. 

CSC 1 Explained: Why

The CIS Critical Security Controls says the most important thing to do to secure your computers is to have a list of all your stuff.

They’re a little unclear by what this means.

The title tries to be specific: “Inventory and Control of Hardware Assets." Per Merriam Webster, asset means an owned item of value. Even if we add “hardware,” this could include lots of things: pizza boxes, mice, cables, radios, floppy diskettes, CNC lathes, security cameras, and monitors.

This is not what CIS is after.