cisa-d4-operations-resilience-it-asset-management

IT Asset Management

isaca-cisa · framework · Gold standard

Drawn fromCISA Review Manual · ISACA peer-reviewed case sets·Reviewed May 4, 2026

How this was built ▾

Every cubelet runs through five agent passes before publishing. Each stage's output is recorded so we can trace how a claim got here.

01 · RESEARCHSource synthesisClaude Haiku
02 · WRITERSix-face draftingClaude Sonnet
03 · EDITORCoherence + clarity passClaude Sonnet
04 · QAQuality gate scoringClaude Opus
05 · PUBLISHERCatalog + graph commitClaude Haiku

This runcourse-factory-pipeline-v1

1

Face 1 of 6 · WHAT

What is IT Asset Management

IT Asset Management (ITAM) is the structured practice of tracking, governing, and optimizing every IT asset — hardware, software, infrastructure, and data — across its complete lifecycle: from acquisition through deployment, in-service maintenance, and secure disposal. ITAM combines financial, contractual, and operational information to support decisions about asset procurement, utilization, renewal, and retirement. The Configuration Management Database (CMDB) serves as the authoritative repository of asset records, relationships, and dependencies. ITAM is not a spreadsheet of computers; it is a governance discipline that ensures the organization knows what it owns, who is accountable for it, what it costs, and whether it complies with applicable policies and regulations.

Where it stops · what it isn't

—IS: Hardware assets (servers, endpoints, networking equipment, peripherals), software assets (licenses, subscriptions, SaaS), infrastructure assets (data center equipment, cloud resources), and data assets (classified by sensitivity and regulatory category)
—IS: Lifecycle management covering acquisition, deployment, in-service maintenance, change tracking, and secure disposal — with documented ownership and accountability at each stage
—IS: The CMDB as the system of record integrating asset inventory with relationships, dependencies, and configuration items (CIs) used for change, incident, and continuity processes
—IS NOT: Physical facilities management (buildings, furniture) unless those assets directly house or power IT infrastructure
—IS NOT: IT project portfolio management or IT financial management, though ITAM provides data inputs to both
—IS NOT: A replacement for dedicated cybersecurity vulnerability management, though both disciplines share data about installed software versions and patch levels
—IS NOT: A one-time audit activity — ITAM is a continuous operational discipline requiring ongoing discovery, reconciliation, and reporting

Connected concepts in the graph

Every cubelet sits in a knowledge graph. Here's what this one connects to.

PART OF

Information Systems Operations and Business Resilience (ISACA CISA Domain 4)

REQUIRES

Configuration Management Database (CMDB)IT Service Level Management (operational baseline and metrics context)

ENABLES

IT Change and Configuration Management (provides authoritative asset baseline)Problem and Incident Management (supplies dependency maps and CI data for root-cause analysis)Business Continuity Planning (provides asset recovery priorities and restoration sequences)

RELATED TO

Systems Availability and Capacity ManagementIT Components and System Interfaces

CONSTRAINS

Software Licensing Compliance (defines entitlement boundaries)End-of-Life Asset Disposal (NIST SP 800-88, GDPR Article 5 boundaries)

Practice this judgment ↗

Adaptive, ~8 min

Sit in the practitioner's chair ↗

Live simulator

06 · APPLYSign up to enter the judgment simulator →

Watch your judgment grow on this concept

Create a free account to unlock all 6 faces, the judgment simulator, and a mastery score that updates with every attempt.