Applicable (Y)es / (N)o |
(C)onfidentiality |
(I)ntegrity |
(A)vailability |
RPN (C+I+A) |
(S)atisfactory |
||||||
L1 |
M2 |
H3 |
L1 |
M2 |
H3 |
L1 |
M2 |
H3 |
(O)ther than satisfactory +## |
||
|
|
|
|
|
|
|
|
|
|
|
|
###
pe-20 |
asset monitoring and tracking |
||
|
assessment objective: Determine if the organization: |
||
pe-20(a) |
pe-20(a)[1] |
defines assets whose location and movement are to be tracked and monitored; |
|
pe-20(a)[2] |
defines asset location technologies to be employed to track and monitor the location and movement of organization-defined assets; |
||
pe-20(a)[3] |
defines controlled areas within which to track and monitor organization-defined assets; |
||
pe-20(a)[4] |
employs organization-defined asset location technologies to track and monitor the location and movement of organization-defined assets within organization-defined controlled areas; and |
||
pe-20(b) |
ensures that asset location technologies are employed in accordance with applicable federal laws, Executive Orders, directives, regulations, policies, standards and guidance. |
||
potential assessment methods and objects: Examine: [select from: Physical and environmental protection policy; procedures addressing asset monitoring and tracking; asset location technologies and associated configuration documentation; list of organizational assets requiring tracking and monitoring; asset monitoring and tracking records; other relevant documents or records]. Interview: [select from: Organizational personnel with asset monitoring and tracking responsibilities; organizational personnel with information security responsibilities]. Test: [select from: Organizational processes for tracking and monitoring assets; automated mechanisms supporting and/or implementing tracking and monitoring of assets]. |