NIST SPECIAL PUBLICATION 1800 -5
IT Asset Management
Includes Executive Summary (A); Approach, Architecture, and Security Characteristics (B);
and How -To Guide s (C)
Michael Stone
Chinedum Irrechukwu
Harry Perper
Devin Wynne
Leah Kauffman, Editor -in-Chief
This publication is available free of charge from: http://doi.org/10.6028/NIST.SP.1800 -5
The first draft of this publication is available free of charge from:
https://www.nccoe.nist.gov/sites/default/files/library/sp1800/fs -itam-nist-sp1800 -5-draft.pdf
NIST SPECIAL PUBLICATION 1800 -5
IT Asset Management
Includes Executive Summary (A); Approach, Architecture, an d Security Characteristics (B) ;
and How -To Guides (C)
Michael Stone
National Cybersecurity Center of Excellence
Information Technology Laboratory
Chinedum Irrechukwu
Harry Perper
Devin Wynne
The MITRE Corporation
McLean, VA
Leah Kauffman, Editor -in-Chief
National Cybersecurity Center of Excellence
Information Technology Laboratory
September 2018
U.S. Department of Commerce
Wilbur Ross , Secretary
National Institute of Standards and Technology
Walter G. Copan, Undersecretary of Commerce for Standards and Technology and Director
NIST SPECIAL PUBLICATION 1800 -5A
IT Asset Management
Volume A :
Executiv e Summary
Michael Stone
Leah Kauffman, Editor -in-Chief
National Cybersecurity Center of Excellence
Information Technology Laboratory
Chinedum Irrechukwu
Harry Perper
Devin Wynne
The MITRE Corporation
McLean, VA
September 2018
This publication is available free of charge from: http://doi.org/10.6028/NIST.SP.1800 -5
The first draft of this publication is available free of charge from:
https://www.nccoe.nist.gov/sites/default/files/library/sp1800/fs -itam-nist-sp1800 -5-draft.pdf
NIST SP 1800 -5A: IT Asset Management 1
This publication is available free of charge from: http://doi.org/10.6028/NIST.SP.1800 -5 Executive Summary
▪ The National Cybersecurity Center of Excellence (NCCoE), part of the National Institute of
Standards and Technology (NIST), developed an example solution that financial services
companies can use for a more secure and efficient way of monitoring and managing their many
information technology (IT) hardware and software assets.
▪ The security characteristics in our IT asset management platform are derived from the best
practices of standards organizations, including the Pay ment Card Industry Data Security
Standard (PCI DSS).
▪ The NCCoE’s approach uses open source and commercially available products that can be
included alongside current products in your existing infrastructure. It provides a centralized,
comprehensive view of networked hardware and software across an enterprise, reducing
vulnerabilities and response time to security alerts, and increasing resilience.
▪ The example solution is packaged as a “How To” guide that demonstrates implementation of
standards -based cybers ecurity technologies in the real world. The guide helps organizations gain
efficiencies in asset management, while saving them research and proof of concept costs.
CHALLENGE
Large financial services organizations employ tens or hundreds of thousands of ind ividuals. At this scale,
the technology base required to ensure smooth business operations (including computers, mobile
devices, operating systems, applications, data, and network resources) is massive. To effectively
manage, use, and secure each of those assets, you need to know their locations and functions. While
physical assets can be labeled with bar codes and tracked in a database, this approach does not answer
questions such as “What operating systems are our laptops running?” and “Which devices are
vulnerable to the latest threat?”
Computer security professionals
NIST.SP.1800-5
安全标准 >
NIST >
文档预览
中文文档
237 页
50 下载
1000 浏览
0 评论
0 收藏
3.0分
温馨提示:本文档共237页,可预览 3 页,如浏览全部内容或当前文档出现乱码,可开通会员下载原始文档
本文档由 思安 于 2022-12-05 09:16:43上传分享