+AM-03 Hardware Asset Inventory
---+AM-03.01B

1. Übersicht

AM-03 Hardware Asset Inventory

AM-03.01B

The hardware asset inventory maintained by the cloud service provider (cf. AM-02) includes information for each entry that:

1. Enables the identification of the hardware asset;
2. Provides visibility into the lifecycle of the hardware asset; and
3. Enables the cloud service provider to control the hardware asset, perform a risk assessment and protect its information security.

This basic criterion can, but does not have to, be fulfilled by including the following details for each entry of the hardware asset inventory:

1. Identification details (such as name, IP address, MAC address, etc.);
2. The function of the asset;
3. The model of the asset;
4. The location of the asset;
5. The owner of the asset; and
6. Information security requirements for the asset.

An 'asset owner' is an individual or role assigned with the responsibility and accountability for managing and protecting an organisation's asset and does not imply legal ownership of the assets.

If cloud service customers operate virtual machines or containers with the cloud service, the cloud service provider inventories the containers and document their life cycle (cf. OPS-34).

1.1 Referenzen

1.2 Identifizierte Anforderungen

1.2 Related Regulation

2. Identifizierte Anforderungen

Anforderungen
Source	Anforderung

3. Related Regulations

Regulations
Source	Regulierung

Cloud Computing Compliance Criteria Catalogue (C5:2026) -
Copyright by Bundesamt für Sicherheit in der Informationstechnik (https://www.bsi.bund.de/)

https://www.bsi.bund.de/DE/Themen/Unternehmen-und-Organisationen/Informationen-und-Empfehlungen/Empfehlungen-nach-Angriffszielen/Cloud-Computing/Kriterienkatalog-C5/C5_2025/C5_2025_node.html