Asset custody is the chain of responsibility that shows who had physical or logical control of a device at each stage of use. For shared mobile devices, custody must be recorded in a way that survives shift changes, exceptions, and urgent clinical use, or loss and dispute become normal.
Expanded Definition
Asset custody is the operational record of who controlled a device, system, or shared endpoint at each point in its lifecycle. In NHI and IAM programs, custody matters because devices often hold or broker access to credentials, tokens, certificates, and other secrets, and those assets can change hands across shifts, teams, vendors, or emergency response events. The concept is broader than ownership: ownership names the accountable party, while custody tracks the current and prior holder of physical or logical control. That distinction is important for incident review, chain-of-evidence questions, and access accountability. Guidance varies across sectors, but the expectation is consistent with NIST Cybersecurity Framework 2.0 principles for asset visibility and governance. NHI Management Group stresses that custody must survive exceptions, not just normal handoffs, because a log that breaks during urgency is the log that fails when it is needed most. The most common misapplication is treating asset ownership as custody, which occurs when teams assume a named owner is enough without recording actual handoff history.
Examples and Use Cases
Implementing asset custody rigorously often introduces process overhead during high-tempo operations, requiring organisations to weigh continuity and accountability against speed of handoff.
- A shared clinical tablet is signed out between nursing shifts, with each transfer recorded so investigators can reconstruct who had access when a patient-facing app was used.
- A mobile device used for privileged access is issued to an on-call engineer, then returned to a secure locker after use, preserving custody across urgent after-hours response.
- A vendor-managed maintenance device is tracked separately from the vendor’s account ownership so the enterprise can prove who physically possessed it during a service window.
- A field laptop carrying certificates and cached credentials is checked in and out through a formal chain, reducing disputes when a secret is later found exposed.
- As part of broader NHI governance, the Ultimate Guide to NHIs frames custody as part of lifecycle control, while device handling and access logging align with NIST Cybersecurity Framework 2.0 practices for detection and protection.
In practice, custody also applies to emergency exceptions, such as break-glass access to a device in a ward, so the record must show who approved the exception, who held the device, and when control was returned.
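The custody record that the use cases above call for, as an added example that is not part of the original page or of any vendor's product: a small Python ledger with constructed events and hypothetical names (tablet-07, nurse.a, nurse.b, dr.c, charge.nurse). Each handoff is appended in time order and hash-chained to the previous entry so that later alteration is detectable; a break-glass entry must carry an approver; holder_at() answers who controlled the device at a given instant; audit() flags the failures the text warns about, such as a device taken during an emergency with no check-in from the previous holder, or a device never returned.

```python
"""Append-only, hash-chained custody ledger for a shared device (added example, constructed data)."""
from __future__ import annotations

import copy
import dataclasses
import hashlib
import json
from dataclasses import dataclass
from datetime import datetime

GENESIS = "0" * 64  # hash the first entry chains from


@dataclass(frozen=True)
class CustodyEvent:
    device_id: str
    holder: str            # person taking or releasing control
    action: str            # "checkout", "checkin" or "break_glass"
    at: datetime
    approver: str = ""     # who authorised a break-glass exception
    note: str = ""

    def digest_input(self) -> str:
        d = dataclasses.asdict(self)
        d["at"] = self.at.isoformat()
        return json.dumps(d, sort_keys=True)


class CustodyLedger:
    def __init__(self) -> None:
        self._entries: list[tuple[CustodyEvent, str]] = []  # (event, chained hash)

    def record(self, ev: CustodyEvent) -> str:
        if ev.action not in ("checkout", "checkin", "break_glass"):
            raise ValueError(f"unknown action {ev.action!r}")
        if ev.action == "break_glass" and not ev.approver:
            raise ValueError("break-glass custody needs a named approver")
        if self._entries and ev.at < self._entries[-1][0].at:
            raise ValueError("ledger is append-only in time order")
        prev = self._entries[-1][1] if self._entries else GENESIS
        h = hashlib.sha256((prev + ev.digest_input()).encode()).hexdigest()
        self._entries.append((ev, h))
        return h

    def verify_chain(self) -> bool:
        """Recompute every hash; False if any entry was altered after the fact."""
        prev = GENESIS
        for ev, h in self._entries:
            if hashlib.sha256((prev + ev.digest_input()).encode()).hexdigest() != h:
                return False
            prev = h
        return True

    def holder_at(self, device_id: str, when: datetime) -> str | None:
        holder = None
        for ev, _ in self._entries:
            if ev.device_id != device_id or ev.at > when:
                continue
            holder = None if ev.action == "checkin" else ev.holder
        return holder

    def audit(self, device_id: str) -> list[str]:
        """Findings where the recorded chain of control is broken or incomplete."""
        findings, holder = [], None
        for ev, _ in self._entries:
            if ev.device_id != device_id:
                continue
            t = ev.at.isoformat(timespec="minutes")
            if ev.action == "checkin":
                if holder is None:
                    findings.append(f"{t}: {ev.holder} returned device with no open custody")
                elif holder != ev.holder:
                    findings.append(f"{t}: {ev.holder} returned device held by {holder}")
                holder = None
            else:
                if holder is not None and holder != ev.holder:
                    findings.append(f"{t}: {ev.holder} took device from {holder} with no check-in recorded")
                holder = ev.holder
        if holder is not None:
            findings.append(f"device still held by {holder}: no return recorded")
        return findings


def tampered_copy(ledger: CustodyLedger, index: int, **changes) -> CustodyLedger:
    """Copy of the ledger with one event edited after the fact, hashes left as they were."""
    twin = copy.deepcopy(ledger)
    ev, h = twin._entries[index]
    twin._entries[index] = (dataclasses.replace(ev, **changes), h)
    return twin


def who_held(ledger: CustodyLedger, iso_time: str, device_id: str = "tablet-07") -> str | None:
    return ledger.holder_at(device_id, datetime.fromisoformat(iso_time))


def build_sample_ledger() -> CustodyLedger:
    """Constructed day on a ward: two nursing shifts, then an unrecorded emergency handoff."""
    led = CustodyLedger()
    d = "2024-03-01T"
    led.record(CustodyEvent("tablet-07", "nurse.a", "checkout", datetime.fromisoformat(d + "07:00")))
    led.record(CustodyEvent("tablet-07", "nurse.a", "checkin", datetime.fromisoformat(d + "15:00")))
    led.record(CustodyEvent("tablet-07", "nurse.b", "checkout", datetime.fromisoformat(d + "15:05")))
    led.record(CustodyEvent("tablet-07", "dr.c", "break_glass", datetime.fromisoformat(d + "22:10"),
                            approver="charge.nurse", note="cardiac arrest, bay 3"))
    led.record(CustodyEvent("tablet-07", "dr.c", "checkin", datetime.fromisoformat(d + "22:40")))
    return led


if __name__ == "__main__":
    led = build_sample_ledger()
    print("chain intact:", led.verify_chain())
    print("holder at 22:20:", who_held(led, "2024-03-01T22:20"))
    for f in led.audit("tablet-07"):
        print("finding:", f)
```

The audit reports that dr.c took the tablet from nurse.b during the emergency without nurse.b's return being recorded, which is exactly the gap an investigator would otherwise have to argue about afterwards. The chain is tamper-evident, not tamper-proof: whoever can rewrite the whole ledger can recompute every hash, so in production the latest digest would be exported periodically to a store the ledger's writers cannot modify.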
Why It Matters in NHI Security
Asset custody is a control point for preventing invisible exposure of credentials, tokens, and certificates that may live on shared endpoints. When custody is unclear, teams cannot reliably answer whether a device was offline, tampered with, left unattended, or used outside policy while holding secrets. That uncertainty amplifies NHI risk because the device becomes the bridge between physical access and logical compromise. NHIMG reports that only 5.7% of organisations have full visibility into their service accounts, and the same visibility gap often appears around the devices that administer them, making custody records a practical necessity rather than a paperwork exercise. The issue also affects incident response, since revocation, rotation, and forensic scoping are slower when teams cannot prove which device held what and when. The Ultimate Guide to NHIs is especially relevant here because it links visibility failures to broader lifecycle weaknesses, while NIST Cybersecurity Framework 2.0 reinforces the need for asset accountability and recovery. Organisations typically encounter custody failures only after a lost device, disputed handoff, or breach investigation, at which point asset custody becomes operationally unavoidable to address.
Standards & Framework Alignment
This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.
The OWASP Non-Human Identity Top 10 addresses the attack and risk surface, while NIST CSF 2.0 and NIST Zero Trust (SP 800-207) set the governance and control requirements practitioners need to meet.
| Framework | Control / Reference | Relevance |
|---|---|---|
| OWASP Non-Human Identity Top 10 | NHI-01 | Asset custody supports NHI visibility and accountability across device lifecycle handling. |
| NIST CSF 2.0 | ID.AM | Asset management requires knowing where devices are and who controls them. |
| NIST Zero Trust (SP 800-207) | | Zero trust depends on continuous assurance about the device in use and its current holder. |
Track device handoffs and enforce custody logging wherever NHIs or their secrets can be exposed.