Standard:
YALE-MSS-2.1: Establish the scope of the IT System
YALE-MSS-2.1.2: Document and maintain your inventory and dependencies
Low Risk Endpoint
Not Required
Moderate Risk Endpoint
Not Required
High Risk Endpoint
Not Required
Low Risk Server
Not Required
Moderate Risk Server
Required
High Risk Server
Required
Low Risk Mobile Device
Not Required
Moderate Risk Mobile Device
Not Required
High Risk Mobile Device
Not Required
Low Risk Network Printer
Not Required
Moderate Risk Network Printer
Not Required
High Risk Network Printer
Not Required
Details
The format you pick is completely up to you. The frequency that you update should be whenever there are:
- substantial changes
- upgrades to software
- change in responsibilities of who manages what.
This control ensures you document YALE-MSS-2.1.1 in a way that makes sense, and that the documentation is maintained over the lifespan of the IT system as it is changed or upgraded. The value of maintaining this documentation is it:
- Ensures you revisit the question of dependencies and security posture of those dependencies
- Ensures you make sure all the components of the IT system are actively managed and responsibilities clearly understood
- Ensures you can get support, outside opinions, or coverage in the event of a disaster
- Ensures you have the basis for creating financial plans for the ongoing support of the system
Your documentation should answer the following questions:
- What facilities are necessary?
- What components are dependent?
- Why an IT System is/is not impacted by specific component or facility loss?
- When was the last time the diagram was modified?
This documentation is often represented by architectural diagram(s). Architectural diagram(s) are pictures that should depict relationships between components.