NIST 800-53 REV 5 • PHYSICAL AND ENVIRONMENTAL PROTECTION

PE-20Asset Monitoring and Tracking

Employ {{ insert: param, pe-20_odp.01 }} to track and monitor the location and movement of {{ insert: param, pe-20_odp.02 }} within {{ insert: param, pe-20_odp.03 }}.

CMMC Practice Mapping

No direct CMMC mapping

NIST 800-171 Mapping

No direct NIST 800-171 mapping

Related Controls

Supplemental Guidance

Asset location technologies can help ensure that critical assets—including vehicles, equipment, and system components—remain in authorized locations. Organizations consult with the Office of the General Counsel and senior agency official for privacy regarding the deployment and use of asset location technologies to address potential privacy concerns.

Practitioner Notes

Asset monitoring and tracking ensures you know where your hardware is at all times — servers, laptops, mobile devices, and other equipment. If something goes missing, you need to know quickly.

Example 1: Implement an asset management system (Snipe-IT, ServiceNow, or a spreadsheet for smaller organizations) that tracks every piece of IT equipment: serial number, location, assigned user, and status. Conduct physical inventory checks quarterly and reconcile against your records.

Example 2: For mobile assets (laptops, tablets), use Microsoft Intune or another MDM solution that reports device location and last check-in time. For high-value physical assets, consider RFID tags or GPS trackers. Flag any device that has not checked in for 30+ days for investigation.

More Physical and Environmental Protection Controls

PE-1 Policy and Procedures PE-2 Physical Access Authorizations PE-2(1) Access by Position or Role PE-2(2) Two Forms of Identification