top of page


Updated: Feb 2

SANS 20 Critical Security Controls, "Active, Known, and Authorized Inventory," is fundamental to any robust cybersecurity strategy. This control focuses on a comprehensive understanding of an organization's hardware and software assets.

This new series of articles will focus on each parameter of the SANS 20 Critical Security Controls. The first focus today is on active, known, and authorized Inventory. 

In the dynamic landscape of cybersecurity, organizations face an ever-growing threat landscape. To effectively safeguard against cyber threats, it's essential to establish a solid foundation. The first parameter of the SANS 20 Critical Security Controls, "Active, Known, and Authorized Inventory," serves as the cornerstone for a proactive and resilient cybersecurity strategy.

1. Active Inventory

In Inventory cybersecurity, Active Inventory refers to the real-time and continuous monitoring of all devices and assets connected to an organization's network. Here are the main focuses: 

  • Importance of Real-time Monitoring

In cybersecurity, having an active inventory is akin to watching every device connected to the network. Real-time monitoring allows organizations to identify devices when they connect, providing a proactive stance against potential security threats. Automated tools that continuously scan the network contribute to the timeliness and accuracy of the Inventory

  • Continuous Scanning and Discovery

Organizations should deploy tools that conduct regular and continuous scans of the network to discover new devices and assets such as Nmap, Wireshark, Advanced IP Scanner, OpenVAS, Rapid7 Nexpose, QualysGuard, SolarWinds NPM, Fing, Lansweeper, and Angry IP Scanner. These tools enable continuous and proactive identification of devices on the network, helping to detect unauthorized or rogue devices promptly and reduce the window of vulnerability. The choice of tools depends on specific organizational needs, network complexity, and desired levels of automation and integration. 

  • Dynamic Nature of IT Environments

Modern IT environments are dynamic, with devices regularly joining and leaving the network environment. Active inventory management recognizes this dynamism, ensuring the organization maintains an up-to-date and accurate account of all connected devices. Automation plays a crucial role in adapting to the pace of change in IT infrastructures.

2. Known Inventory 

  • Challenges of Maintaining a Known Inventory: Maintaining a known inventory involves overcoming challenges such as shadow IT, where employees use unauthorized devices or applications. Unmanaged devices present a significant risk as they may need the latest security updates. Organizations must address these challenges by implementing policies and technologies that account for the diversity of devices in use.

  • Benefits of Accurate Cataloging: An accurately cataloged inventory brings several benefits, including enhanced visibility into the IT landscape. Security teams can better understand the organization's attack surface and potential points of vulnerability. Knowing the devices and applications allows more effective risk management and threat mitigation.

  • Regular Audits and Reconciliation: Regular audits and reconciliation processes are essential to ensure the accuracy of the inventory Periodic reviews and help identify discrepancies between the documented iInventory and the actual devices and applications. This proactive measure strengthens the organization's security posture by reducing the likelihood of overlooking potential threats.

3. Authorized Inventory

  • Preventing Unauthorized Access: The authorized inventory component emphasizes allowing only approved devices and applications within the network. Access controls and policies are pivotal in preventing unauthorized access and reducing the risk of security breaches. Clear communication of authorization policies to employees is crucial to ensure compliance.

  • Risks of Unauthorized or Outdated Assets: Unauthorized or outdated assets pose significant risks to an organization. Outdated software may contain known vulnerabilities, and unauthorized devices may introduce security gaps. Examples include unpatched software vulnerabilities, malware propagation through unauthorized devices, and the creation of rogue access points.Organizations can mitigate these risks by enforcing strict authorization policies and maintaining a more secure environment (security audits, employee education etc...)

  • Role of Access Controls and Policies: Access controls and well-defined authorization policies act as the gatekeepers of the network. These measures ensure that only authorized users and devices can access specific resources. Regular reviews and updates of access control lists contribute to the organization's ongoing security.


In conclusion, the "Active, Known, and Authorized Inventory" control is not merely a static record-keeping exercise; it's a dynamic and proactive approach to cybersecurity. By understanding the importance of each parameter and implementing best practices, organizations can fortify their defenses, reduce attack surfaces, and build a resilient foundation against evolving cyber threats.

Stay tuned for other articles on the SANS 20 security controls series!

Bradley & Rollins is at your service to help you with all these issues and is ready to listen to your cybersecurity challenges.

26 views0 comments


bottom of page