Does your organization have a process to securely share asset inventory information with security detection systems and personnel?
Explanation
Feeding asset data to your defenses is the concern here, namely whether you have a secure process for sharing asset inventory information with detection systems and security staff. Effective security monitoring requires visibility into what assets exist in your environment so that detection technologies can properly identify anomalies, unauthorized assets, or potential security incidents involving known assets.
Evidence could include documentation of integration between asset management systems and security tools (such as SIEM, EDR, or vulnerability scanners), access control policies for asset inventory data, or procedures for securely sharing asset information with security personnel during incident response.
Implementation Example
Securely provide information from asset inventories to detection technologies, processes, and personnel
ID: DE.AE-07.304
Context
- Function
- DE: DETECT
- Category
- DE.AE: Adverse Event Analysis
- Sub-Category
- Cyber threat intelligence and other contextual information are integrated into the analysis
Related questions
- Has your organization established and maintained a baseline of network operations and expected data flows for users and systems?
- Does your organization use SIEM or similar tools to continuously monitor log events for malicious and suspicious activity?
- Does your organization integrate current cyber threat intelligence feeds into your log analysis and monitoring tools?
- Does your organization conduct regular manual reviews of log events for systems that cannot be adequately monitored through automated means?
- Does your organization utilize log analysis tools to generate actionable reports from log data?
- Does your organization centralize log data by continuously transferring logs from multiple sources to a consolidated set of log servers?

