This standard is intended to be used for managing IT assets in particular, but it can also be applied to other asset types. It can be suitable, in whole or in part, for managing embedded software and firmware. It is not intended for managing information asset.
- controls over software modification, duplication and distribution, with particular emphasis on access and integrity controls;
- audit trails of authorizations and of changes made to IT assets;
- controls over licensing, underlicensing, overlicensing, and compliance with licensing terms and conditions;
- controls over situations involving mixed ownership and responsibilities, such as in cloud computing and with ‘Bring-Your-Own-Device’ (BYOD) practices;