How to Create a Hardware and Software Inventory for your System Security Plan
By: Omer Kaan Aslim
November 02, 2021
Every system security plan should include or reference a hardware and software inventory.
System Security Plans for meeting NIST SP 800-171 requirements should have a hardware and software inventory either included in the plan or referenced in the plan. Here is how to create those inventories.
Creating a Hardware Inventory
A hardware inventory is used to document all of the components that make up an information system. These hardware components include but are not limited : laptops, desktops, physical servers, switches, routers, firewalls, smartphones, tablets, printers, scanners, and VOIP switches.
A hardware Inventory can be documented in an excel spreadsheet. The hardware inventory should document: The make, model, serial number, location (e.g., Office, Remote), assigned user, organization ownership, and status (in use, spare, excessed) of the device.
If your organization is small, you can document and maintain your hardware inventory manually. If you are a larger organization, investing in an IT inventory system may yield a good return on investment.
Creating a Software Inventory
A software inventory documents the software used in your information system. If you are a small organization you can document this manually however if you are a larger organization, investing in a tool that tracks the software installed on your devices is a good strategy.
A software inventory should contain the following information for each software in use in your information system: developer Name (e.g., Microsoft, Adobe), software name (e.g., Acrobat), and versions in production.
After you create your hardware and software inventories you need to ensure that they remain accurate. Periodically review these documents as required. If you are a small organization an annual review is sufficient. Larger organizations may need to review their inventories more regularly as new devices are put into production.
Discover Our NIST SP 800-171 Solutions:
For contractors seeking compliance
For IT service providers
Supply Chain Verifier
For contractors seeking to verify partner compliance