
26
InformatIon SecurIty PolIcy DeveloPment for comPlIance
Asset and Capacity Management
Describe how network and informational
assets are identified and maintained in an
IT asset inventory.
Define the requirement that IT asset
inventories must be performed at
leastannually.
ISO/IEC 27001 A.7.1.1 L512
NIST SP 800-53 CM-8 L513
PM-5 L514
HIPAA Standard
PCI DSS V2.0 9.9.1 L515
AUP V5.0 D.1 L516
P.1 L517
Describe how informational assets
identified in the IT asset inventory are
associated with and owned by a
specificindividual or a designated part
oftheorganization.
ISO/IEC 27001 A.7.1.2 L518
NIST SP 800-53 CM-8 L519
HIPAA Standard
PCI DSS V2.0
AUP V5.0 P.1 L520 ...