Hardware and Software Inventory

How to Create a Hardware and Software Inventory for your System Security Plan

Every system security plan should include or reference a hardware and software inventory.

Join our newsletter:
System Security Plans for meeting NIST SP 800-171 requirements should have a hardware and software inventory either included in the plan or referenced in the plan. Here is how to create those inventories.

Creating a Hardware Inventory

Stacked Laptops
A hardware inventory is used to document all of the components that make up an information system. These hardware components include but are not limited : laptops, desktops, physical servers, switches, routers, firewalls, smartphones, tablets, printers, scanners, and VOIP switches.
A hardware Inventory can be documented in an excel spreadsheet. The hardware inventory should document: The make, model, serial number, location (e.g., Office, Remote), assigned user, organization ownership, and status (in use, spare, excessed) of the device.
If your organization is small, you can document and maintain your hardware inventory manually. If you are a larger organization, investing in an IT inventory system may yield a good return on investment.

Creating a Software Inventory

A software inventory documents the software used in your information system. If you are a small organization you can document this manually however if you are a larger organization, investing in a tool that tracks the software installed on your devices is a good strategy.
A software inventory should contain the following information for each software in use in your information system: developer Name (e.g., Microsoft, Adobe), software name (e.g., Acrobat), and versions in production.

Maintaining Inventories

After you create your hardware and software inventories you need to ensure that they remain accurate. Periodically review these documents as required. If you are a small organization an annual review is sufficient. Larger organizations may need to review their inventories more regularly as new devices are put into production.

Discover Our NIST SP 800-171 & CMMC 2.0 Solutions:


Compliance Accelerator

Power through compliance. Meet and maintain your NIST SP 800-171 & CMMC 2.0 compliance requirements.

Quantum Assessor

Transform your business. Create new revenue streams and provide scalability for your NIST SP 800-171 and CMMC 2.0 services.

Supply Chain Verifier

Trust is everything. Verify, monitor, and support subcontactor compliance.