Fillable template: Digital asset catalogue DOCX, 52 KB
Fillable templates provide instructions on the information required to be documented for certification.
Example: Digital asset catalogue DOCX, 553 KB
Examples provide sample text to help learners complete a template.
[insert organization name]
Digital asset catalogue
Disclaimer
Cybersecure Canada has developed this template for your use in relation to certification requirements for the eLearning series. It provides guidance as to how information can be organized and documented for certification. Cybersecure Canada does not guarantee a successful certification from use of this template. Organizations are not obliged to use this template and may provide the certification requirement(s) in a documented format best suited for them.
Template instructions
Instructions: instructions are provided in blue font within each section of this template. Upon completion of the template, delete these instructions.
It is recommended that users review the eLearning module for an introduction to certification and the completed example of a digital asset catalogue.
This template is prepared for and by the Cybersecure Canada certification program to help organizations develop the various policies, documentation and inventories required to meet the certification requirements of Cybersecure Canada. Instructions end.
Revision history
Instructions: it is a best practice for organizations to ensure their policies are reviewed and updated regularly. Document what changes are made, when, and by whom.
The digital asset catalogue has been modified as follows:
| Date | Version | Modification | Modifier |
| --- | --- | --- | --- |
| [date edited] | [document version] | [description of changes made] | [name of the editor] |
General security controls & justifications
Instructions:
- List the security control features that your organization has decided to implement universally on its hardware and software assets.
- For example: automatic patching – we have standardized enabling automatic patching wherever possible across our organization. This is to reduce the risk of malware.
[insert company name] has reviewed the devices and implemented the following security controls universally:
- [insert security feature and description]
- [insert security feature and description]
- [insert security feature and description]
- [insert security feature and description]
Inventory of assets
Instructions:
- The digital asset catalogue must consist of all your organization's digital assets including both hardware and software. This catalogue is foundational and is an inventory of all your organization's digital assets. It contains other required information for each of these assets that will be needed to comply with certification requirements.
- Please note that the inventory table is not the only method to catalogue the necessary information. Software that can track your hardware and software inventory is also available for purchase at the discretion of your organization. Organizations are encouraged to determine the best approach for their own needs.
- To begin completing the inventories below, organizations must take the following steps:
  - Step 1: list the hardware and software used in your organization (the first seven columns of the inventory table).
  - Step 2: using the list of hardware and software assets from step 1, complete the other columns in the table. The information required for the "security controls and justifications" columns forms part of the certification requirements for each security control area.
- The table below outlines which security control areas are relevant to each column and the title of the module in this eLearning series where you can find more information on the topic.
- As you progress through the certification requirements, you are encouraged to update this catalogue to reflect the actions and decisions taken.
| Criticality | User Auth | Auto Patching | Remote Mgmt | Wi-Fi | Bluetooth | Shared Drive | Storage Encrypt | Onsite Backup | Offsite Backup | Perimeter Defense |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| Backup and encrypt data | Use strong user authentication | Automatically patch operating systems and applications | Establish basic perimeter defences | Securely configure devices; Secure mobility; Establish basic perimeter defences | Securely configure devices | Implement access control and authorization | Securely configure devices; Backup and encrypt; Secure portable media | Backup and encrypt data | Backup and encrypt data | Establish basic perimeter defences |
IT hardware inventory
The columns from Criticality onward are the security controls and justifications.

| Id | Device type | Vendor | Model | Assignee | O/S | Purchase date | Criticality | User Auth | Auto Patching | Remote Mgmt | Wi-Fi | Bluetooth | Shared Drive | Storage Encrypt | Onsite Backup | Offsite Backup | Offline Backup | Perimeter Defense |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| 1 | Laptop | Dell | Latitude 7410 standard | John Doe | Windows 10 | 2020-03-01 | 1-critical can operate for two days without. Workaround: close temporarily. | 2FA standard | Auto standard | Disabled standard | Enabled standard | Disabled standard | \\nas\exec executive use | Yes standard | \\nas\backup nightly | OneDrive standard | Western Digital HDD monthly | Windows firewall standard |
IT software inventory
The columns from Criticality onward are the security controls and justifications.

| Id | Vendor | Software & version | Technical Owner | Update Method | Installed On | Confidential Info Stored | Criticality | Hardening Guide | Auto Patching | Remote Mgmt | User Auth | Onsite Backup | Offsite Backup | Offline Backup |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| 1 | Intuit | QuickBooks payroll | John Doe | Auto | Cloud | Yes-SIN | 1-critical can operate for two days without. Workaround: don't run payroll for the time being. | N/A | Auto standard | N/1 | Microsoft SSO 2FA | \\nas\backup nightly | OneDrive standard | Western Digital HDD monthly |