Asset Identification and Asset Identification Specification

Asset is anything that has value to an organization. It can be person, information technology system (IT), network, virtual machine or software. Asset Identification provides the method and format to identify and represent asset. There are many specifications available to identify assets automatically in an enterprise. Automated security specifications use varying mechanisms to identity assets which are incompatible, inconsistent and incomplete information. To address this issue, NIST has Asset specification which describes how assets may be identified by using a combination of zero or more canonical identifiers and some set of identifying information. Canonical identifiers are nothing but the identifiers assigned my many tools to manage them. This can be in the context of a namespace. If the assigned identifier is not available, information collectable or discoverable for assets can be used in accurate identification. Eg., hostname, IPv4address, MAC address from Devices, Fullname, location and organization from People and Name and type attributes from organization are some of the information which can be used to uniquely identify assets. This would provide complete and accurate information about each asset which can be used for reporting on metrics and automatic compatibility of identification with other specification. Check out the asset identification document at http://csrc.nist.gov/publications/drafts/ir7693/draft-NISTIR-7693-AI_20101204.pdf for further details on asset identification.