TABLE OF CONTENTS The prudent heir takes careful inventory of his legacies and gives a faithful accounting to those whom he owes an obligation of trust.
John F. Kennedy
All Certification Packages are required to include a software and hardware inventory of the applications and systems that are being accredited. You ll also need this hardware and software inventory when you develop your Business Impact Assessment. Hardware and software should be thought of as assets. All key assets that make up the information system should be reported.
One of the biggest problems in putting together a hardware and software inventory is figuring out which systems and applications belong in the inventory, and are within the boundaries of the information system you are certifying. It is possible that the organization that developed the information system you are accrediting never formally acknowledged or described the boundaries. However, you can still come up with clear boundaries based on certain guidelines. As a general rule, the hardware and software assets of the information system that you plan on accrediting should:
Have the same general security requirements
Be managed by the same information system owner
Have a consistent organizational function or mission
Have consistent operational characteristics (geographical locations, network zones, security zones, firewall policies, etc.)
You will also need to list all the components of major assets on which the information system is dependent. Remember, the term information system is a general term for the item that you are describing in the Certification...
