CM-8 (4) - Accountability Information
Control requirements
- CM-8 (4) - 0
- The organization includes in the information system component inventory information, a means for identifying by [IBM Assignment: asset owner/custodian], individuals responsible/accountable for administering those components.
Implementation guidance
See the resources that follow to learn more about how to implement this control.
NIST supplemental guidance
Identifying individuals who are both responsible and accountable for administering information system components helps to ensure that the assigned components are properly administered and organizations can contact those individuals if some action is required (e.g., component is determined to be the source of a breach/compromise, component needs to be recalled/replaced, or component needs to be relocated).