:

12.1: Maintain an Inventory of Network Boundaries

Sub-control 12.1 states that you must maintain an up-to-date inventory of all of the organization’s network boundaries.

Asset Type	Security Function	Implementation Groups
Network	Identify	1, 2, 3

Dependencies

Sub-control 1.4: Maintain Detailed Asset Inventory
Sub-control 1.5: Maintain Asset Inventory Information

Inputs

Device inventory: An inventory of expected boundary devices (M1) as derived from the endpoint inventory (sub-control 1.4).

Operations

Utilize a discovery tool or process to examine the network topology. Then, collect the list of devices that are considered boundary devices (M2).
Evaluate the difference between I1 and Operation 1 to get the list of non-inventoried boundary devices (M3).

Measures

Measure	Definition
M1 = List of expected network boundary devices	A list of expected network boundary devices.
M2 = Count of items in M1	A count of the total number of items in M1.
M3 = List of discovered network boundary devices	A list of discovered network boundary devices.
M4 = Count of items in M3	A count of the total number of items in M3.
M5 = List of non-inventoried boundary devices	A list of non-inventoried boundary devices.
M6 = Count of items in M5	A count of the total number of items in M5.

Metrics

Coverage

Metric	Calculation
The ratio of non-inventoried boundary devices compared to expected boundary devices. If the calculated value is greater than zero, the inventory is not current.	M6 / M2

Copyright © 2025 Tenable, Inc. All rights reserved. Tenable, Tenable Nessus, Tenable Lumin, Assure, and the Tenable logo are registered trademarks of Tenable, Inc. or its affiliates. All other products or services are trademarks of their respective owners.