DCHW-1 HW Baseline
Overview
A current and comprehensive baseline inventory of all hardware (HW) (to include manufacturer, type, model, physical location and network topology or architecture) required to support enclave operations is maintained by the Configuration Control Board (CCB) and as part of the SSAA. A backup copy of the inventory is stored in a fire-rated container or otherwise not collocated with the original.
| MAC / CONF | Impact | Subject Area |
|---|---|---|
| MACI MACII MACIII | High | Security Design and Configuration |
Details
| Threat |
|---|
| Organizations without a valid hardware baseline inventory are vulnerable to the introduction of unauthorized hardware to their IS. Additional concerns include not knowing what HW to use to rebuild a system after catastrophic loss. A current hardware baseline enables consistency within the environment and the rebuilding of information systems. |
| Guidance |
|---|
| 1. Each Component shall develop a current and comprehensive baseline inventory of all hardware (HW). 2. At a minimum the baseline shall include manufacturer, type, model, physical location and network topology or architecture required to support enclave operations. 3. Physical and logical location of hardware shall be recorded. 4. The baseline shall be maintained by the Configuration Control Board (CCB) and as part of the system security documentation. 5. A current and comprehensive backup copy of the inventory shall be stored in a fire-rated container or otherwise not collocated with the original. 6. Regular updates to the HW baseline shall be managed through the CCB. 7. The HW baseline shall be validated during turnover of duties to include but not limited to: management and operations. 8. The HW baseline shall be validated not less then annually. |
References
- ANSI/EIA-649 Configuration Management, “National Consensus Standard for Configuration Management”, July 1998