Skip to main content
AST

Asset Management

62 controls

Manage all technology assets from purchase through disposition, both physical and virtual, to ensure secured use, regardless of the asset’s location.

SCF # Control Name Weight NIST CSF Frameworks
AST-01 Asset Governance 10 — Critical Govern 92
AST-01.1 Asset-Service Dependencies 5 — Medium Identify 31
AST-01.2 Stakeholder Identification & Involvement 5 — Medium Identify 24
AST-01.3 Standardized Naming Convention 5 — Medium Identify 1
AST-01.4 Approved Technologies 7 — High Identify 4
AST-02 Asset Inventories 10 — Critical Identify 120
AST-02.1 Updates During Installations / Removals 7 — High Identify 42
AST-02.2 Automated Unauthorized Component Detection 3 — Low Detect 32
AST-02.3 Component Duplication Avoidance 2 — Low Identify 37
AST-02.4 Approved Baseline Deviations 8 — High Identify 14
AST-02.5 Network Access Control (NAC) 4 — Medium Protect 17
AST-02.6 Dynamic Host Configuration Protocol (DHCP) Server Logging 3 — Low Identify 5
AST-02.7 Software Licensing Restrictions 8 — High Identify 19
AST-02.8 Data Action Mapping 9 — Critical Identify 26
AST-02.9 Configuration Management Database (CMDB) 5 — Medium Identify 39
AST-02.10 Automated Location Tracking 5 — Medium Identify 5
AST-02.11 Component Assignment 3 — Low Identify 4
AST-03 Asset Ownership Assignment 8 — High Identify 37
AST-03.1 Accountability Information 5 — Medium Identify 24
AST-03.2 Provenance 8 — High Identify 15
AST-04 Network Diagrams & Data Flow Diagrams (DFDs) 10 — Critical Identify 85
AST-04.1 Asset Scope Classification 8 — High Identify 41
AST-04.2 Control Applicability Boundary Graphical Representation 6 — Medium Identify 18
AST-04.3 Compliance-Specific Asset Identification 6 — Medium Identify 11
AST-05 Security of Assets & Media 8 — High Identify 22
AST-05.1 Management Approval For External Media Transfer 8 — High Protect 11
AST-06 Unattended End-User Equipment 9 — Critical Protect 13
AST-06.1 Asset Storage In Automobiles 7 — High Protect 1
AST-07 Kiosks & Point of Interaction (PoI) Devices 8 — High Protect 12
AST-08 Physical Tampering Detection 9 — Critical Detect 15
AST-09 Secure Disposal, Destruction or Re-Use of Equipment 10 — Critical Identify 76
AST-10 Return of Assets 8 — High Protect 13
AST-11 Removal of Assets 8 — High Protect 12
AST-12 Use of Personal Devices 10 — Critical Protect 9
AST-13 Use of Third-Party Devices 9 — Critical Protect 8
AST-14 Usage Parameters 7 — High Identify 11
AST-14.1 Bluetooth & Wireless Devices 7 — High Protect 3
AST-14.2 Infrared Communications 5 — Medium Protect 2
AST-15 Logical Tampering Protection 6 — Medium Protect 29
AST-15.1 Technology Asset Inspections 6 — Medium Detect 29
AST-16 Bring Your Own Device (BYOD) Usage 10 — Critical Identify 20
AST-17 Prohibited Equipment & Services 9 — Critical Protect 9
AST-18 Roots of Trust Protection 4 — Medium Protect 10
AST-19 Telecommunications Equipment 9 — Critical Protect 3
AST-20 Video Teleconference (VTC) Security 8 — High Protect 4
AST-21 Voice Over Internet Protocol (VoIP) Security 8 — High Protect 3
AST-22 Microphones & Web Cameras 8 — High Protect 2
AST-23 Multi-Function Devices (MFD) 8 — High Protect 4
AST-24 Travel-Only Devices 8 — High Protect 7
AST-25 Re-Imaging Devices After Travel 8 — High Protect 7
AST-26 System Administrative Processes 9 — Critical Identify 3
AST-27 Jump Server 7 — High Protect 10
AST-28 Database Administrative Processes 9 — Critical Identify 5
AST-28.1 Database Management System (DBMS) 6 — Medium Protect 4
AST-29 Radio Frequency Identification (RFID) Security 3 — Low Protect 1
AST-29.1 Contactless Access Control Systems 3 — Low Protect 1
AST-30 Decommissioning 4 — Medium Protect 6
AST-31 Asset Categorization 9 — Critical Identify 8
AST-31.1 Categorize Artificial Intelligence (AI)-Related Technologies 9 — Critical Identify 3
AST-31.2 High-Risk Asset Categorization 9 — Critical Protect 3
AST-31.3 Asset Attributes 5 — Medium Protect 1
AST-32 Automated Network Asset Discovery 3 — Low Protect 1

The Secure Controls Framework (SCF) is maintained by SCF Council. Use of SCF content is subject to the SCF Terms & Conditions.

Manage SCF Controls in SCF Connect

Streamline your compliance program with automated control tracking, evidence management, and framework mapping.

Get Started Free