David: Created page with "== Evidence Types and Assessment Approaches for AC.L2-3.1.1 Assessment Objective [c] == === Ranking of Evidence Types for Assessment Objective [c] === For the assessment objective "[c] devices (and other systems) authorized to connect to the system are identified," I recommend prioritizing evidence types in this order: 1. Artifacts: These provide the strongest evidence for this objective, including: - Network device inventories and asset management databases..."

2025-03-28T04:45:39Z

Created page with "== Evidence Types and Assessment Approaches for AC.L2-3.1.1 Assessment Objective [c] == === Ranking of Evidence Types for Assessment Objective [c] === For the assessment objective "[c] devices (and other systems) authorized to connect to the system are identified," I recommend prioritizing evidence types in this order: 1. **Artifacts**: These provide the strongest evidence for this objective, including: - Network device inventories and asset management databases..."

New page

== Evidence Types and Assessment Approaches for AC.L2-3.1.1 Assessment Objective [c] ==

=== Ranking of Evidence Types for Assessment Objective [c] ===

For the assessment objective "[c] devices (and other systems) authorized to connect to the system are identified," I recommend prioritizing evidence types in this order:

1. **Artifacts**: These provide the strongest evidence for this objective, including:
- Network device inventories and asset management databases
- Network access control (NAC) system records
- DHCP server leases and reservations
- Network diagrams showing authorized connections
- MAC address whitelists and device registration records

2. **Documents**: Supporting formal documentation including:
- Device authorization policies and procedures
- Network connection approval forms
- System security plans describing device connection requirements
- Network architecture documentation
- Authorized device lists with ownership information

3. **Screen Share**: Observing real-time demonstrations of:
- Network management systems showing connected devices
- Device registration processes
- Network monitoring dashboards
- Configuration of device authentication mechanisms

4. **Physical Review**: On-site examination to verify:
- Physical network infrastructure
- Device identification labels
- Physical access to network connection points
- Network equipment configurations

=== Prioritizing Assessment Approaches ===

For assessment objective [c], I recommend prioritizing the three assessment approaches as follows:

1. **Examine**: This should be your primary approach for this device-focused objective:
- Review lists of devices and systems authorized to connect to organizational systems
- Examine network device inventories and registration records
- Review network diagrams showing permitted connections
- Check device authentication and authorization procedures
- Examine network access control configurations

2. **Test**: Perform technical validation:
- Test network access control mechanisms to verify unauthorized devices cannot connect
- Observe device registration and authorization processes
- Verify that network monitoring systems accurately identify connected devices
- Confirm that device authentication methods work as documented

3. **Interview**: Complete your assessment with supporting interviews:
- Speak with network administrators about device authorization procedures
- Interview IT staff responsible for network access management
- Discuss device connection policies with security personnel
- Query system administrators about how they identify and track authorized devices

This prioritization recognizes that device authorization is fundamentally a documented and technically-enforced control, where examination of records and technical testing provide the most direct evidence that devices authorized to connect to the system are properly identified and tracked.

LLMResponse AC.L2-3.1.1.c - Revision history