The IT Law Wiki


National Institute of Standards and Technology Interagency or Internal Report, Automation Support for Security Control Assessments (NISTIR 8011) (June 2017)


The NISTIR 8011 volumes focus on each individual information security capability, adding tangible detail to the more general overview given in NISTIR 8011, Volume 1, and providing a template for transition to a detailed, NIST standards-compliant automated assessment.

Volume 2 of NISTIR 8011 addresses the Hardware Asset Management (HWAM) information security capability. The focus of the HWAM capability is to manage risk created by unmanaged and/or unauthorized devices on a network. Unmanaged devices are targets that attackers can use to gain and more easily maintain a persistent platform from which to attack the rest of the network.