NIST CSF 2.0 · All Functions · ID Identify · ID.AM Asset Management

ID.AM-03

Representations of the organization's authorized network communication and internal and external network data flows are maintained

Implementation examples

Ex1: Maintain baselines of communication and data flows within the organization's wired and wireless networks
Ex2: Maintain baselines of communication and data flows between the organization and third parties
Ex3: Maintain baselines of communication and data flows for the organization's infrastructure-as-a-service (IaaS) usage
Ex4: Maintain documentation of expected network ports, protocols, and services that are typically used among authorized systems

Mapped NIST 800-53 r5 controls (6)

AC-04 CA-03 CA-09 PL-02 PL-08 PM-07

All informative references (52)

CCMv4.0: DSP-05
CCMv4.0: DSP-10
CCMv4.0: IPY-01
CCMv4.0: IVS-03
CCMv4.0: IVS-09
CCMv4.0: LOG-05
CIS Controls v8.0: 3.8
CIS Controls v8.1: 3.8
CRI Profile v2.0: ID.AM-03
CRI Profile v2.0: ID.AM-03.01
CSF v1.1: ID.AM-3
CSF v1.1: DE.AE-1
ISO/IEC 27001:2022: Mandatory Clause: None
ISO/IEC 27001:2022: Annex A Controls: 5.14
ISO/IEC 27001:2022: Annex A Controls: 8.20
ISO/IEC 27001:2022: Annex A Controls: 8.21
ISO/IEC 27001:2022: Annex A Controls: 8.22
NICE Framework: DD-WRL-002
NICE Framework: DD-WRL-009
NICE Framework: IO-WRL-002
NICE Framework: IO-WRL-003
NICE Framework: IO-WRL-004
NICE Framework: IO-WRL-005
NICE Framework: OG-WRL-015
OWASP Top 10 LLM Applications: LLM01-2025
OWASP Top 10 LLM Applications: LLM02-2025
OWASP Top 10 LLM Applications: LLM05-2025
PCI DSS: 1.2.3
PCI DSS: 1.2.4
PCI DSS: 12.5.2
SCF: AST-04
SCF: DCH-19
SDOS: SDOS-AU-01
SDOS: SDOS-EN-04
SDOS: SDOS-GV-04
SP 800-171 Rev 3: 03.12.05
SP 800-171 Rev 3: 03.15.02
SP 800-53 Rev 5.1.1: AC-04
SP 800-53 Rev 5.1.1: CA-03
SP 800-53 Rev 5.1.1: CA-09
SP 800-53 Rev 5.1.1: PL-02
SP 800-53 Rev 5.1.1: PL-08
SP 800-53 Rev 5.1.1: PM-07
SP 800-53 Rev 5.2.0: AC-04
SP 800-53 Rev 5.2.0: CA-03
SP 800-53 Rev 5.2.0: CA-09
SP 800-53 Rev 5.2.0: PL-02
SP 800-53 Rev 5.2.0: PL-08
SP 800-53 Rev 5.2.0: PM-07
SP-800-37 Rev 2: RMF Prepare Step (System Level): TASK P-11 Authorization Boundary
SP-800-37 Rev 2: RMF Prepare Step (System Level): TASK P-13 Information Life Cycle
SP-800-37 Rev 2: RMF Prepare Step (System Level): TASK P-16 Enterprise Architecture

Source: NIST Cybersecurity Framework 2.0 · CSF 2.0 → 800-53 mappings sourced from NIST Cybersecurity & Privacy Reference Tool (CPRT) · US government work — attribution requested per NIST Open License Terms. Direct CSF→CWE/CVE cross-references will be added in a Phase B LLM-authored mapping pass (not yet rendered).