CM-8 Information System Component Inventory
Description
Organizations may choose to implement centralized information system component inventories that include components from all organizational information systems. In such situations, organizations ensure that the resulting inventories include system-specific information required for proper component accountability (e.g., information system association, information system owner).
Information deemed necessary for effective accountability of information system components includes, for example:
- hardware inventory specifications,
- software license information,
- software version numbers,
- component owners, and
- for networked components or devices, machine names and network addresses.
Inventory specifications include, for example:
- manufacturer,
- device type,
- model,
- serial number, and
- physical location.
Applicability
The intended audience includes information resource owners and custodians; and pertains to information resources considered moderate or high impact.
Implementation
TAMU-CC shall:
- Develop, document, and maintain a current inventory of the components of the information system and relevant ownership information that:
- Accurately reflects the current information system;
- Includes all components within the authorization boundary of the information system;
- Is at the level of granularity deemed necessary for tracking and reporting; and
- Includes information deemed necessary to achieve effective information system component accountability; and
- Reviews and updates the information system component inventory annually.
Revision History
Last Updated: February 21, 2025
Previous Versions:
- June 29, 2023
- May 31, 2022
- March 25, 2021
- September 16, 2019