1. What is hardware inventory?
Hardware inventory is the comprehensive tracking and management of all hardware assets owned by an organization, including desktops, laptops, servers, and network devices. It is a required baseline control in CIS CSC Version 8 and most other best practices and regulatory guidance.
2. Why is hardware inventory important?
Hardware inventory is important because it allows organizations to better understand their attack surface and potential vulnerabilities by maintaining a detailed inventory. This data can be used to optimize hardware purchases over time, especially when performance data is also tracked.
3. How often should a hardware inventory be conducted?
It is recommended that a physical inventory of hardware assets be conducted at least once a year or when significant changes occur in the organization.
4. What information should be documented for each hardware asset?
All relevant information for each asset should be recorded, including make, model, serial number, location, owner, and software installed. Performance data is also a plus.
5. Where can I get sample policies and procedures?
You can find some sample policies and procedures here: https://stateofsecurity.com/hardware-inventory/