adammontville / cis-controls-71-measures


Subcontrol 1.2 #48

Open adammontville opened 5 years ago

adammontville commented 5 years ago

Utilize a passive discovery tool to identify devices connected to the organization's network and automatically update the organization's hardware asset inventory.

Measures

M1 = number of assets discovered (SNMP agent)
M2 = total number of assets (given)
M3 = time asset discovered (SNMP agent)
M4 = time asset appeared (given)
M5 = Max time discovery (given)

Metrics

Coverage (Quality Measure) [0-1] = M1 / M2
Freshness (Time to Discover) [1-0] = (M3 - M4) / M5

apiperCIS commented 5 years ago

UNCC said: In relation to 1.1, the passive or active testing isn't going to affect the metric itself, only the coverage.

apiperCIS commented 5 years ago

Similar or same comments and rough proposal as 1.1, just replace "active" in 1.1 with "passive" for 1.2

apiperCIS commented 5 years ago

Sub-Control Dependencies

12.1 Inventory of Network Boundaries (internal note: you essentially need to know the networks to have created the list of network boundaries... not sure if we should list this dependency or not.)

Inputs

1) List of the organization's networks
2) List of passive asset discovery tools in use by the organization. For each, include the location of the tool's configuration information and which networks it covers.
3) Approved configuration(s) for each passive asset discovery tool. Configurations should include the settings necessary for the tool to be able to update the organization's hardware asset inventory.

Operations

1) For each passive asset discovery tool provided in Input 2, check the tool's configuration against the appropriate approved configuration from Input 3. Create a list of those tools that are properly configured (M1) and a list of those tools that are improperly configured (M2) noting the deviations from proper configuration.
2) For each of the organization's networks provided in Input 1, check Input 2 and M1 to ensure that at least one properly configured passive asset discovery tool covers that network. Create a list of the organization's networks that have coverage from at least one properly configured passive asset discovery tool (M3) and a list of the organization's networks that do not have coverage from any properly configured passive asset discovery tools (M4).

Measures

M1: List of properly configured passive asset discovery tools (compliant tool list)
M2: List of improperly configured passive asset discovery tools (non-compliant tool list)
M3: List of organization's networks with coverage from at least one properly configured passive asset discovery tool (compliant network list)
M4: List of organization's networks that do not have coverage from any properly configured passive asset discovery tool (non-compliant network list)
M5: Count of networks with coverage from at least one properly configured passive asset discovery tool (count of M3)
M6: Total count of the organization's networks (count of Input 1)

Metrics

Ratio of the organization's networks with coverage from at least one properly configured passive asset discovery tool: M5 / M6
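Added example, not part of the issue thread or the project's own code: a Python sketch of the two Operations in the proposal above, producing M1 through M6 and the M5 / M6 ratio. The tool names, network ranges and setting names (`mode`, `inventory_sync`) are constructed for illustration.

```python
from dataclasses import dataclass

# Constructed sample data; setting names and tool names are hypothetical.
APPROVED = {"mode": "passive", "inventory_sync": True}                     # Input 3
NETWORKS = ["10.0.1.0/24", "10.0.2.0/24", "10.0.3.0/24", "10.0.4.0/24"]    # Input 1

@dataclass
class Tool:                      # one entry of Input 2
    name: str
    networks: set                # networks the tool covers
    config: dict                 # configuration as deployed
    approved: dict               # approved configuration for this tool

TOOLS = [
    Tool("sensor-a", {"10.0.1.0/24", "10.0.2.0/24"},
         {"mode": "passive", "inventory_sync": True}, APPROVED),
    # Deployed with the inventory update setting turned off: non-compliant.
    Tool("sensor-b", {"10.0.2.0/24", "10.0.3.0/24"},
         {"mode": "passive", "inventory_sync": False}, APPROVED),
]

def deviations(tool):
    """Approved settings that are missing or differ: {key: (deployed, approved)}."""
    return {k: (tool.config.get(k), want)
            for k, want in tool.approved.items()
            if tool.config.get(k) != want}

def measure(networks, tools):
    # Operation 1: split tools into compliant (M1) and non-compliant (M2).
    m1, m2 = [], {}
    for t in tools:
        dev = deviations(t)
        if dev:
            m2[t.name] = dev
        else:
            m1.append(t.name)
    # Operation 2: only properly configured tools count toward coverage.
    covered = set().union(*(t.networks for t in tools if t.name in m1))
    m3 = [n for n in networks if n in covered]
    m4 = [n for n in networks if n not in covered]
    m5, m6 = len(m3), len(networks)
    return {"M1": m1, "M2": m2, "M3": m3, "M4": m4, "M5": m5, "M6": m6,
            "ratio": m5 / m6 if m6 else None}   # None when Input 1 is empty

if __name__ == "__main__":
    for key, value in measure(NETWORKS, TOOLS).items():
        print(key, value)
```

In the sample, 10.0.3.0/24 lands in M4 even though sensor-b covers it, because a network counts as covered only when a tool from M1 covers it.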

apiperCIS commented 5 years ago

The above proposal is different than the proposal in 1.1. I think the above proposal better reflects the Level 1 style proposals that we've decided on since the 1.1 proposal was written. If others agree, we should also use this for 1.1 (replacing all the occurrences of "passive" with "active" for 1.1).