A CMDB (Configuration Management Database) is a database that records all relevant IT assets (Configuration Items, CIs) and their relationships. It serves as the central inventory for IT service management and information security.
ISO 27001 Annex A controls A.5.9 (Inventory of Information Assets), A.5.10 (Acceptable Use), and A.8.9 (Configuration Management) require an up-to-date asset inventory, and the CMDB provides this foundation. Typical contents include servers, network devices, software licenses, databases, and their dependencies. The main challenge is keeping the data current: a CMDB that is not maintained quickly loses value. Automated discovery tools that regularly scan systems and update the CMDB help address this. Common platforms include ServiceNow, iTop, and GLPI.
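The reconciliation step that keeps a CMDB current can be sketched as follows. This is an added example, not code from any of the platforms named above; the record fields, hostnames, dates and the 30-day staleness threshold are constructed assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample data: CMDB records keyed by hostname (field names are assumptions).
CMDB = {
    "web01":   {"ip": "10.0.1.10", "os": "Ubuntu 22.04", "last_seen": "2024-05-30"},
    "db01":    {"ip": "10.0.2.20", "os": "RHEL 8",       "last_seen": "2024-05-29"},
    "old-ftp": {"ip": "10.0.9.9",  "os": "Debian 9",     "last_seen": "2024-01-12"},
}
# Constructed sample output of a discovery scan run on SCAN_DATE.
SCAN_DATE = "2024-06-01"
DISCOVERED = [
    {"hostname": "web01", "ip": "10.0.1.10", "os": "Ubuntu 22.04"},
    {"hostname": "db01", "ip": "10.0.2.20", "os": "RHEL 9"},  # OS changed
    {"hostname": "test-vm7", "ip": "10.0.3.77", "os": "Windows Server 2019"},  # not in CMDB
]

def reconcile(cmdb, discovered, scan_date, max_age_days=30):
    """Compare a discovery scan with the CMDB; return findings and the updated CMDB."""
    scan_day = datetime.strptime(scan_date, "%Y-%m-%d")
    updated = {name: dict(ci) for name, ci in cmdb.items()}  # do not mutate the input
    findings = {"unregistered": [], "drift": [], "stale": []}
    seen = set()
    for asset in discovered:
        name = asset["hostname"]
        seen.add(name)
        ci = updated.get(name)
        if ci is None:
            # On the network but not inventoried: needs an owner before it is added.
            findings["unregistered"].append(name)
            continue
        for field in ("ip", "os"):
            if ci[field] != asset[field]:
                findings["drift"].append((name, field, ci[field], asset[field]))
                ci[field] = asset[field]
        ci["last_seen"] = scan_date
    for name, ci in updated.items():
        if name in seen:
            continue
        age = scan_day - datetime.strptime(ci["last_seen"], "%Y-%m-%d")
        if age > timedelta(days=max_age_days):
            # In the CMDB but not observed for too long: decommissioned or unreachable.
            findings["stale"].append((name, age.days))
    return findings, updated

if __name__ == "__main__":
    results, _ = reconcile(CMDB, DISCOVERED, SCAN_DATE)
    for kind, items in results.items():
        print(kind, items)
```

Unregistered assets and stale CIs are reported rather than added or deleted automatically, so that an owner can confirm each change before the inventory is altered.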