Skip to content
Home / Function (NIST CSF 2.0) / ID - Identify

AA – Assets

NIST CSF Category ID.AM
Managing assets — including hardware, software, data, and even personnel — is a foundational activity, and normative documents play a critical role in ensuring their protection. Standards and regulations, such as ISO/IEC 27001 for information security management and NIST SP 800-53 for security controls, provide structured guidance on identifying, classifying, and protecting assets. Regulatory bodies like the European Union Agency for Cybersecurity (ENISA) and national authorities such as the U.S. Cybersecurity and Infrastructure Security Agency (CISA) emphasize asset inventory, risk assessment, and lifecycle management to reduce exposure to threats. By following these frameworks, organizations can systematically safeguard critical assets, demonstrate compliance with laws, and ensure resilience against cyberattacks.