ID.AM-08: Systems, hardware, software, services, and data are managed throughout their life cycles
Ex1: Integrate cybersecurity considerations throughout the life cycles of systems, hardware, software, and services
Ex2: Integrate cybersecurity considerations into product life cycles
Ex3: Identify unofficial uses of technology to meet mission objectives (i.e., “shadow IT”)
Ex4: Periodically identify redundant systems, hardware, software, and services that unnecessarily increase the organization’s attack surface
Ex5: Properly configure and secure systems, hardware, software, and services prior to their deployment in production
Ex6: Update inventories when systems, hardware, software, and services are moved or transferred within the organization
Ex7: Securely destroy stored data based on the organization’s data retention policy using the prescribed destruction method, and keep and manage a record of the destructions
Ex8: Securely sanitize data storage when hardware is being retired, decommissioned, reassigned, or sent for repairs or replacement
Ex9: Offer methods for destroying paper, storage media, and other physical forms of data storage
Tier
Description
Systems, hardware, software, services, and data are managed throughout their life cycles