N.Y. Comp. Codes R. & Regs. tit. 23, § 500.13
(a) As part of its cybersecurity program, each covered entity shall implement written policies and procedures designed to produce and maintain a complete, accurate and documented asset inventory of the covered entity’s information systems. The asset inventory shall be maintained in accordance with written policies and procedures. At a minimum, such policies and procedures shall include:
(1) a method to track key information for each asset, including, as applicable, the following: