GRCWatch
Sign inStart free trial

CIS Control 1.5: Use a Passive Asset Discovery Tool

Asset visibility is the foundation of effective security governance. CIS Control 1.5 requires deploying passive discovery tools to identify all devices connected to your enterprise network, ensuring your asset inventory stays current and complete. Without automated discovery, shadow IT and unknown endpoints create compliance gaps and security blind spots.

What this means

Passive asset discovery tools monitor network traffic and configurations to automatically detect connected devices without requiring agent installation or active scanning that might disrupt operations. This control mandates maintaining an accurate, up-to-date inventory by running discovery scans at least weekly and immediately incorporating findings into your authoritative asset register.

How to comply

  1. 1.Deploy a passive network discovery tool that captures traffic analysis and device fingerprinting across your network infrastructure
  2. 2.Configure the tool to run automated scans at least weekly, with more frequent scanning for high-risk or dynamic network segments
  3. 3.Establish a process to review discovery results and validate detected assets against your authoritative asset inventory
  4. 4.Update your asset inventory database with newly discovered devices, capturing device type, owner, location, and business function
  5. 5.Document the discovery tool's coverage, including network segments monitored and any blind spots or exclusions
  6. 6.Train IT staff on the discovery tool's operation and the mandatory weekly review and update procedures

Evidence auditors look for

  • Passive discovery tool configuration settings and deployment documentation
  • Scan execution logs showing weekly (or more frequent) discovery runs with timestamps
  • Asset inventory comparison reports showing additions from discovery scans
  • Updated asset inventory entries with dates added and discovery source attribution
  • Network diagram identifying monitored segments and any exclusions from passive discovery
  • Change management records documenting asset additions triggered by discovery findings

Frequently asked questions

When will FAQs be available?

The FAQ for this control is currently being prepared.

GRCWatch automates weekly asset discovery scan scheduling and automatically reconciles detected devices against your inventory, eliminating manual review bottlenecks and ensuring CIS 1.5 compliance evidence is generated continuously.

See how GRCWatch handles this control automatically

Start free trial

Related controls

CIS Control 1.1 - Establish and Maintain Detailed Enterprise Asset InventoryCIS Control 1.2 - Address Unauthorized AssetsCIS Control 1.3 - Address Unauthorized Software