NIST CSF 2.0 · All Functions · ID Identify · ID.AM Asset Management

ID.AM-05

Assets are prioritized based on classification, criticality, resources, and impact on the mission

Implementation examples

Ex1: Define criteria for prioritizing each class of assets
Ex2: Apply the prioritization criteria to assets
Ex3: Track the asset priorities and update them periodically or when significant changes to the organization occur

Mapped NIST 800-53 r5 controls (3)

All informative references (44)

CCMv4.0: CEK-04
CCMv4.0: DCS-05
CCMv4.0: DSP-04
CIS Controls v8.0: 3.7
CIS Controls v8.1: 3.7
CRI Profile v2.0: ID.AM-05
CRI Profile v2.0: ID.AM-05.01
CRI Profile v2.0: ID.AM-05.02
CSF v1.1: ID.AM-5
CoP: A1
ISO/IEC 27001:2022: Mandatory Clause: None
ISO/IEC 27001:2022: Annex A Controls: 5.9
ISO/IEC 27001:2022: Annex A Controls: 5.12
ISO/IEC 27001:2022: Annex A Controls: 5.13
NICE Framework: DD-WRL-001
NICE Framework: DD-WRL-002
NICE Framework: IO-WRL-002
NICE Framework: IO-WRL-003
NICE Framework: IO-WRL-004
NICE Framework: IO-WRL-005
NICE Framework: OG-WRL-011
NICE Framework: OG-WRL-015
OWASP Top 10 LLM Applications: LLM02-2025
OWASP Top 10 LLM Applications: LLM04-2025
PCI DSS: 12.3.1
PCI DSS: 6.3.1
PCI DSS: 9.5.1.2.1
PCI DSS: 10.4.2.1
PCI DSS: 11.6.1
SCF: AST-04.1
SCF: BCD-02
SCF: TPM-02
SP 800-221A: MA.RI-1
SP 800-53 Rev 5.1.1: RA-03
SP 800-53 Rev 5.1.1: RA-09
SP 800-53 Rev 5.1.1: RA-02
SP 800-53 Rev 5.2.0: RA-03
SP 800-53 Rev 5.2.0: RA-09
SP 800-53 Rev 5.2.0: RA-02
SP-800-37 Rev 2: RMF Prepare Step (Organization & Mission/Business Levels): TASK P-3 Risk Assessment—Organization
SP-800-37 Rev 2: RMF Prepare Step (Organization & Mission/Business Levels): TASK P-6 Impact-Level Prioritization (Opt
SP-800-37 Rev 2: RMF Prepare Step (System Level): TASK P-8 Mission or Business Focus
SP-800-37 Rev 2: RMF Prepare Step (System Level): TASK P-10 Asset Identification
SP-800-37 Rev 2: RMF Prepare Step (System Level): TASK P-14 Risk Assessment—System

Source: NIST Cybersecurity Framework 2.0 · CSF 2.0 → 800-53 mappings sourced from NIST Cybersecurity & Privacy Reference Tool (CPRT) · US government work — attribution requested per NIST Open License Terms. Direct CSF→CWE/CVE cross-references will be added in a Phase B LLM-authored mapping pass (not yet rendered).