NIST CSF 2.0 · All Functions · ID Identify

ID.AM — Asset Management

Assets (e.g., data, hardware, software, systems, facilities, services, people) that enable the organization to achieve business purposes are identified and managed consistent with their relative importance to organizational objectives and the organization's risk strategy

ID.AM-01

Inventories of hardware managed by the organization are maintained

2 implementation example(s) · 2 mapped NIST 800-53 control(s)

ID.AM-02

Inventories of software, services, and systems managed by the organization are maintained

3 implementation example(s) · 5 mapped NIST 800-53 control(s)

ID.AM-03

Representations of the organization's authorized network communication and internal and external network data flows are maintained

4 implementation example(s) · 6 mapped NIST 800-53 control(s)

ID.AM-04

Inventories of services provided by suppliers are maintained

2 implementation example(s) · 3 mapped NIST 800-53 control(s)

ID.AM-05

Assets are prioritized based on classification, criticality, resources, and impact on the mission

3 implementation example(s) · 3 mapped NIST 800-53 control(s)

ID.AM-07

Inventories of data and corresponding metadata for designated data types are maintained

4 implementation example(s) · 3 mapped NIST 800-53 control(s)

ID.AM-08

Systems, hardware, software, services, and data are managed throughout their life cycles

9 implementation example(s) · 15 mapped NIST 800-53 control(s)

Source: NIST Cybersecurity Framework 2.0 · CSF 2.0 → 800-53 mappings sourced from NIST Cybersecurity & Privacy Reference Tool (CPRT) · US government work — attribution requested per NIST Open License Terms. Direct CSF→CWE/CVE cross-references will be added in a Phase B LLM-authored mapping pass (not yet rendered).