What is a CMDB?
A CMDB (Configuration Management Database) is a central database in which all IT and OT assets (components) and their interrelationships are recorded, managed and visualised.
A CMDB provides a single, reliable view of your technical infrastructure — from servers to switches, from PLCs to applications.
The CMDB is an essential element of ITIL and ISMS, and is increasingly being applied in an OT context for Asset Management, Change Management and Incident Response.
🎯 Purpose of a CMDB
- A complete view of all assets (CIs) and their interdependencies
- Managing changes to configurations and versions
- Supporting incident analysis and impact assessment
- Compliance with standards such as ISO 27001, NIS2 and BIO
- Bringing IT and OT components together in hybrid environments
🧱 What does a CMDB contain?
| Element | Description |
|---|---|
| Configuration Items (CIs) | Anything that needs to be managed: hardware, software, network components, etc. |
| Attributes | IP address, serial number, firmware version, location, owner |
| Relationships | Which components depend on each other (e.g. app ↔ database ↔ server) |
| Status information | Active, decommissioned, in maintenance, retired |
| Audit trails | Logging of changes (who, what, when) |
🔧 Common CI types
- Servers (on-prem or cloud)
- Network equipment (switches, firewalls, routers)
- Software applications and licences
- PLCs, HMIs, SCADA components
- OT network segmentation or zones and conduits model
- Backups, certificates, user accounts
- Virtual machines, containers, storage, etc.
📊 The CMDB and other processes
| Process | Relationship to the CMDB |
|---|---|
| Incident Management | Impact analysis based on dependencies |
| Change Management | Validating changes at CI level |
| Asset Management | Full lifecycle registration |
| Risk Management | Linking vulnerabilities and risks to CIs |
| Patch management | Insight into which systems are vulnerable |
| Disaster Recovery | Knowing which components must be restored |
✅ Benefits of a CMDB
- A central source of truth for infrastructure
- Faster issue resolution through visibility of dependencies
- Better compliance and documentation
- Supports audits, certifications and incident accountability
- Enables automation of management, monitoring and updates
🛠️ Examples of CMDB tools
- ServiceNow
- iTop (open source)
- Device42
- BMC Helix
- GLPI
- Freshservice
- SolarWinds CMDB
- OT-specific: Claroty, Nozomi (limited CMDB functionality)
📌 In summary
A CMDB provides a single overview of all systems, devices and dependencies in your IT and OT landscape. It is the foundation for management, risk analysis, incident response and continuous improvement.