CM-8: System Component Inventory
From NIST's SP800-53:
a. Develop and document an inventory of system components that: 1. Accurately reflects the system; 2. Includes all components within the system; 3. Does not include duplicate accounting of components or components assigned to any other system; 4. Is at the level of granularity deemed necessary for tracking and reporting; and 5. Includes the following information to achieve system component accountability: [Assignment: organization-defined information deemed necessary to achieve effective system component accountability]; and b. Review and update the system component inventory [Assignment: organization-defined frequency].
Cyber Threat Graph Context
Explore how this control relates to the wider threat graph
SP800-53 Control Mapped to NIST Cyber Security Framework
Generated from NISTs SP800-53/CSF Crosswalk mappings.
| Control ID | Description |
|---|---|
| ID.AM-1 | Physical devices and systems within the organization are inventoried |
| DE.CM-7 | Monitoring for unauthorized personnel, connections, devices, and software is performed |
| ID.AM-2 | Software platforms and applications within the organization are inventoried |
| PR.DS-3 | Assets are formally managed throughout removal, transfers, and disposition |
MITRE ATT&CK Techniques
See which MITRE ATT&CK techniques this control helps to protect against.
| ATT&CK ID | Title | Associated Tactics |
|---|---|---|
| T1221 | Template Injection | Defense Evasion |
| T1548.004 | Elevated Execution with Prompt | Defense Evasion, Privilege Escalation |
| T1098.004 | SSH Authorized Keys | Persistence, Privilege Escalation |
| T1211 | Exploitation for Defense Evasion | Defense Evasion |
| T1020.001 | Traffic Duplication | Exfiltration |
| T1021.005 | VNC | Lateral Movement |
| T1557.002 | ARP Cache Poisoning | Collection, Credential Access |
| T1495 | Firmware Corruption | Impact |
| T1021.006 | Windows Remote Management | Lateral Movement |
| T1601.001 | Patch System Image | Defense Evasion |
| T1542.004 | ROMMONkit | Defense Evasion, Persistence |
| T1564.007 | VBA Stomping | Defense Evasion |
| T1557.003 | DHCP Spoofing | Collection, Credential Access |
| T1137.001 | Office Template Macros | Persistence |
| T1542.001 | System Firmware | Defense Evasion, Persistence |
| T1505 | Server Software Component | Persistence |
| T1072 | Software Deployment Tools | Execution, Lateral Movement |
| T1542 | Pre-OS Boot | Defense Evasion, Persistence |
| T1547.007 | Re-opened Applications | Persistence, Privilege Escalation |
| T1542.005 | TFTP Boot | Defense Evasion, Persistence |
| T1218.009 | Regsvcs/Regasm | Defense Evasion |
| T1195.003 | Compromise Hardware Supply Chain | Initial Access |
| T1021.003 | Distributed Component Object Model | Lateral Movement |
| T1559.002 | Dynamic Data Exchange | Execution |
| T1602 | Data from Configuration Repository | Collection |
| T1119 | Automated Collection | Collection |
| T1218.012 | Verclsid | Defense Evasion |
| T1059.007 | JavaScript | Execution |
| T1091 | Replication Through Removable Media | Initial Access, Lateral Movement |
| T1053.005 | Scheduled Task | Execution, Persistence, Privilege Escalation |
| T1557.001 | LLMNR/NBT-NS Poisoning and SMB Relay | Collection, Credential Access |
| T1218.004 | InstallUtil | Defense Evasion |
| T1574.004 | Dylib Hijacking | Defense Evasion, Persistence, Privilege Escalation |
| T1203 | Exploitation for Client Execution | Execution |
| T1190 | Exploit Public-Facing Application | Initial Access |
| T1563.001 | SSH Hijacking | Lateral Movement |
| T1601 | Modify System Image | Defense Evasion |
| T1059.005 | Visual Basic | Execution |
| T1213.001 | Confluence | Collection |
| T1505.002 | Transport Agent | Persistence |
| T1218.013 | Mavinject | Defense Evasion |
| T1213.002 | Sharepoint | Collection |
| T1210 | Exploitation of Remote Services | Lateral Movement |
| T1602.002 | Network Device Configuration Dump | Collection |
| T1127 | Trusted Developer Utilities Proxy Execution | Defense Evasion |
| T1553.006 | Code Signing Policy Modification | Defense Evasion |
| T1059.001 | PowerShell | Execution |
| T1546.002 | Screensaver | Persistence, Privilege Escalation |
| T1564.006 | Run Virtual Instance | Defense Evasion |
| T1059 | Command and Scripting Interpreter | Execution |