Does your organization physically label all authorized hardware assets with unique identifiers for inventory tracking and servicing purposes?
Explanation
Physical labeling of hardware assets (such as servers, workstations, network devices, and peripherals) with unique identifiers ensures accurate tracking throughout their lifecycle and facilitates proper inventory management. This practice helps prevent unauthorized equipment from being connected to your network, simplifies asset management during audits, and enables efficient servicing and maintenance operations.
Evidence of compliance could include photographs of labeled assets, a documented labeling standard/procedure, or an asset inventory report that references the physical labels used on hardware. The labeling system should be consistent and the identifiers should correspond to entries in your asset management system.
Implementation Example
Physically label authorized hardware with an identifier for inventory and servicing purposes
ID: PR.AA-01.197
Context
- Function
- PR: PROTECT
- Category
- PR.AA: Identity Management, Authentication, and Access Control
- Sub-Category
- Identities and credentials for authorized users, services, and hardware are managed by the organization
Related questions
- Does your organization have a formal process to request, track, review, and fulfill access requests that includes appropriate approval from system or data owners?
- Does your organization have a formal process for managing the lifecycle of cryptographic certificates, keys, identity tokens, and other credentials?
- Does your organization use unique device identifiers based on immutable hardware characteristics or secure provisioning methods?
- Does your organization verify individuals' identities during enrollment using government-issued credentials?
- Does your organization issue unique credentials to each individual user and prohibit credential sharing?
- Has your organization implemented multifactor authentication (MFA) for all user access to systems containing sensitive data?

