Skip to content
    Home / Function (NIST CSF 2.0) / ID - Identify

    AA – Assets

    NIST CSF Category ID.AM
    Managing assets — including hardware, software, data, and even personnel — is a foundational activity, and normative documents play a critical role in ensuring their protection. Standards and regulations, such as ISO/IEC 27001 for information security management and NIST SP 800-53 for security controls, provide structured guidance on identifying, classifying, and protecting assets. Regulatory bodies like the European Union Agency for Cybersecurity (ENISA) and national authorities such as the U.S. Cybersecurity and Infrastructure Security Agency (CISA) emphasize asset inventory, risk assessment, and lifecycle management to reduce exposure to threats. By following these frameworks, organizations can systematically safeguard critical assets, demonstrate compliance with laws, and ensure resilience against cyberattacks.

    CISA Foundations for OT Cybersecurity: Asset Inventory Guidance for Owners and Operators

    The CISA guidance titled “Foundations for OT Cybersecurity: Asset Inventory Guidance for Owners and Operators” provides operational technology (OT) owners and operators across critical infrastructure sectors with practical, step-by-step recommendations… Read More »CISA Foundations for OT Cybersecurity: Asset Inventory Guidance for Owners and Operators