Applicable

(Y)es / (N)o

(C)onfidentiality

(I)ntegrity

(A)vailability

RPN

(C+I+A)

(S)atisfactory

L1

M2

H3

L1

M2

H3

L1

M2

H3

(O)ther than satisfactory +##

pe-20

asset monitoring and tracking

assessment objective:

Determine if the organization:  

pe-20(a)  

pe-20(a)[1]

defines assets whose location and movement are to be tracked and monitored;

pe-20(a)[2]

defines asset location technologies to be employed to track and monitor the location and movement of organization-defined assets;

pe-20(a)[3]

defines controlled areas within which to track and monitor organization-defined assets;

pe-20(a)[4]

employs organization-defined asset location technologies to track and monitor the location and movement of organization-defined assets within organization-defined controlled areas; and

pe-20(b)  

ensures that asset location technologies are employed in accordance with applicable federal laws, Executive Orders, directives, regulations, policies, standards and guidance.

potential assessment methods and objects:

Examine: [select from: Physical and environmental protection policy; procedures addressing asset monitoring and tracking; asset location technologies and associated configuration documentation; list of organizational assets requiring tracking and monitoring; asset monitoring and tracking records; other relevant documents or records].

Interview: [select from: Organizational personnel with asset monitoring and tracking responsibilities; organizational personnel with information security responsibilities].

Test: [select from: Organizational processes for tracking and monitoring assets; automated mechanisms supporting and/or implementing tracking and monitoring of assets].