ID.AM-02
Inventories of software, services, and systems managed by the organization are maintained
Implementation examples
- Ex1: Maintain inventories for all types of software and services, including commercial-off-the-shelf, open-source, custom applications, API services, and cloud-based applications and services
- Ex2: Constantly monitor all platforms, including containers and virtual machines, for software and service inventory changes
- Ex3: Maintain an inventory of the organization's systems
Mapped NIST 800-53 r5 controls (5)
All informative references (44)
- BXAIOS: Chapter 5 - Blueprint the Ecosystem
- CCMv4.0: CCC-04
- CCMv4.0: DCS-06
- CCMv4.0: DSP-19
- CCMv4.0: UEM-02
- CCMv4.0: UEM-04
- CIS Controls v8.0: 2.1
- CIS Controls v8.1: 2.1
- CRI Profile v2.0: ID.AM-02
- CRI Profile v2.0: ID.AM-02.01
- CSF v1.1: ID.AM-2
- ISO/IEC 27001:2022: Mandatory Clause: None
- ISO/IEC 27001:2022: Annex A Controls: 5.9
- NICE Framework: DD-WRL-002
- NICE Framework: DD-WRL-005
- NICE Framework: DD-WRL-009
- NICE Framework: IO-WRL-002
- NICE Framework: IO-WRL-003
- NICE Framework: IO-WRL-004
- NICE Framework: IO-WRL-005
- NICE Framework: OG-WRL-015
- OWASP Top 10 LLM Applications: LLM03-2025
- OWASP Top 10 LLM Applications: LLM10-2025
- PCI DSS: 6.3.2
- PCI DSS: 12.5.1
- PCI DSS: 12.8.1
- PCI DSS: 6.4.3
- SCF: AST-02
- SDOS: SDOS-IA-02
- SDOS: SDOS-IN-03
- SP 800-171 Rev 3: 03.04.10
- SP 800-171 Rev 3: 03.16.03
- SP 800-221A: MA.RI-1
- SP 800-53 Rev 5.1.1: AC-20
- SP 800-53 Rev 5.1.1: CM-08
- SP 800-53 Rev 5.1.1: PM-05
- SP 800-53 Rev 5.1.1: SA-05
- SP 800-53 Rev 5.1.1: SA-09
- SP 800-53 Rev 5.2.0: AC-20
- SP 800-53 Rev 5.2.0: CM-08
- SP 800-53 Rev 5.2.0: PM-05
- SP 800-53 Rev 5.2.0: SA-05
- SP 800-53 Rev 5.2.0: SA-09
- SP-800-37 Rev 2: RMF Prepare Step (System Level): TASK P-10 Asset Identification
Source: NIST Cybersecurity Framework 2.0 · CSF 2.0 → 800-53 mappings sourced from NIST Cybersecurity & Privacy Reference Tool (CPRT) · US government work — attribution requested per NIST Open License Terms. Direct CSF→CWE/CVE cross-references will be added in a Phase B LLM-authored mapping pass (not yet rendered).