This Operational Tier control triangle seeks to manage the sourcing, acquisition, testing, maintenance, and retirement of all technology infrastructure, including hardware, mobile devices, firmware, operating systems, and associated technical tools, ensuring they support the organisation’s information systems and business operations.

This control rolls down from the Manage Capability Domain and cascades into: 3.2.1-Manage Onsite Asset, 3.2.2-Manage Offsite Asset, and 3.2.3-Manage Mobile Asset control subdomains.

---

Control Mappings:
Cobit:2019 ➡️ EDM04; EDM04.02; APO01; APO01.10; BAI04; BAI04.03; DSS04; DSS04.02; DSS05; DSS05.02
PCI:DSSv4.01 ➡️ 1; 1.1; 1.2.1; 1.2.3; 1.2.7; 1.3
GDPR:2024 ➡️ Art.32
ISO27001:2022 ➡️ 7; 7.1; 8; 8.3
ISO38500:2024 ➡️ 4; 4.1; 4.1.3; 4.2; 5; 5.12; 7.2.3
ITIL:v4 ➡️ SM17; SM20; SM25; SM26; TM33
NIST:CSFv2 ➡️ ID; ID.AM; ID.AM-08
MaRisk:2024 ➡️ AT 7.2(1)
CIS:v8 ➡️ Securely Manage Enterprise Assets and Software; Network Infrastructure Management; Establish and Maintain a Secure Network Architecture