The assets making up a system that are under control of the organisation are registered and tracked in the CMDB. System owners periodically check that the information in the CMDB regarding their systems is accurate and up-to-date.
System owners accurately maintain any documentation needed to deliver, describe, support and maintain the systems.
Specification
System owners need to make sure that the information in the CMDB is accurate and up-to-date.
Documentation includes servers, services, ports, protocols, interactions/dependencies between components (also on the same server), installed software versions, zoning information as well as physical location of assets (where relevant).
Also include logical and physical network access with purpose, firewall rules and types of network traffic.
Preferably, diagrams of relevant connections and data flows are available.
ISO 27001 & 27002:2022
A12.1.1
SURF toetsingskader informatiebeveiliging (NBA-volwassenheidsmodel)
CO.01 Identificatie en onderhoud van configuratie-items
CO.02 Configuratie database en baseline