1.5
IG3

Use a Passive Asset Discovery Tool

Asset Type: Devices
Security Function: Detect

Description

Use a passive discovery tool to identify assets connected to the enterprise’s network. Review and use scans to update the enterprise’s asset inventory at least weekly, or more frequently.

Implementation Checklist

1. Deploy detection tools or enable detection capabilities
2. Configure alerting thresholds and notification channels
3. Establish monitoring schedule and review process
4. Test detection capabilities with simulated events
5. Document detection procedures and escalation paths
6. Select and deploy inventory management tool
7. Populate initial inventory with all known assets
8. Establish process for adding/removing inventory entries
9. Select and configure vulnerability scanning tool
10. Define scan scope, frequency, and credentials
11. Establish vulnerability remediation SLAs by severity
12. Create exception/waiver process for unremediated findings

Threats & Vulnerabilities (CIS RAM)

Threat Scenarios

Evasion of Active Scanning by Stealthy Implants

Confidentiality

Sophisticated implants that detect and evade active scans remain hidden; passive discovery through traffic analysis would detect their network communications.

Covert Data Exfiltration via Unmonitored Protocols

Confidentiality

Without passive traffic analysis, low-and-slow exfiltration over non-standard protocols or encrypted channels from unidentified assets goes unnoticed.

Vulnerabilities (When Safeguard Absent)

No Passive Network Traffic Analysis for Asset Discovery

Without passive discovery tools monitoring network traffic patterns, assets that do not respond to active probes or scans remain invisible to the inventory.

Limited Visibility into Encrypted or Non-Standard Communications

Passive discovery provides metadata about all communicating entities; without it, the organization misses devices using protocols that active scanners do not probe.
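
The reconciliation step behind this safeguard, as an added example (not part of the CIS text or of any discovery product): passively observed MAC addresses are compared with the asset inventory and with the responders of the last active scan to produce the weekly review list. The log format, sample data, and function names are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta

# Constructed sample data (not from a real network). Passive observations as
# "ISO timestamp,MAC,IP,protocol" lines; this export format is an assumption.
PASSIVE_LOG = """\
2024-05-06T08:01:12,00:11:22:33:44:55,10.0.0.10,dhcp
2024-05-06T08:03:40,00:11:22:33:44:66,10.0.0.23,arp
2024-05-06T09:15:02,00:11:22:33:44:66,10.0.0.23,mdns
2024-05-06T09:20:47,00:11:22:33:44:77,10.0.0.31,arp
bad line without enough fields
"""
# Inventory: MAC -> date the entry was last confirmed (constructed).
INVENTORY = {
    "00:11:22:33:44:55": datetime(2024, 5, 1),
    "00:11:22:33:44:77": datetime(2024, 4, 20),
    "00:11:22:33:44:88": datetime(2024, 4, 2),
}
# MACs that answered the most recent active scan (constructed).
ACTIVE_RESPONDERS = {"00:11:22:33:44:55"}

def parse_passive(log):
    """Return {mac: (last_seen, ip, protocols)}, skipping malformed lines."""
    seen = {}
    for line in log.splitlines():
        parts = line.strip().split(",")
        if len(parts) != 4:
            continue
        try:
            ts = datetime.fromisoformat(parts[0])
        except ValueError:
            continue
        mac = parts[1].lower()
        last, _, protos = seen.get(mac, (ts, parts[2], set()))
        # Keep the newest timestamp; the IP is taken from the latest line read.
        seen[mac] = (max(last, ts), parts[2], protos | {parts[3]})
    return seen

def reconcile(seen, inventory, active, now, max_age=timedelta(days=7)):
    """Classify assets for the weekly inventory review."""
    return {
        # On the wire but missing from the inventory.
        "unknown": sorted(m for m in seen if m not in inventory),
        # Communicating, yet silent to the active scan.
        "passive_only": sorted(m for m in seen if m not in active),
        # Inventoried, not observed, and unconfirmed for over a week.
        "stale": sorted(m for m, d in inventory.items()
                        if m not in seen and now - d > max_age),
    }
```

The `passive_only` bucket is the set an active-scan-only program never sees; `unknown` and `stale` are the entries to add to or investigate in the inventory during the weekly review.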

Evidence Requirements

| Type | Evidence Item | Collection Frequency |
|---|---|---|
| Technical | Detection tool deployment evidence (dashboard screenshots, agent status) | Captured monthly |
| Technical | Sample alert/detection output demonstrating capability | Captured quarterly |
| Technical | Asset/software inventory export with required fields populated | Exported quarterly for review |
| Record | Inventory review meeting minutes or sign-off | Per review cycle |
| Technical | Vulnerability scan reports showing scope and findings | Per scan cycle |
| Record | Vulnerability remediation tracking with SLA compliance metrics | Monthly |
| Document | Governing policy document (current, approved, communicated) | Reviewed annually |