CybrIQ for research labs

Lab instruments arrive on the network. They rarely arrive in the asset register. CybrIQ closes that gap.

Federally funded research environments operate at the intersection of grant-driven procurement and centralized network policy. The principal investigator buys an instrument with grant funds. The instrument shows up at the loading dock. A technician plugs it in. Six weeks later the central IT team learns it exists, often because it tripped an alert. The asset register catches up months later, if at all. CybrIQ identifies every instrument on the wire the moment it appears, attests Section 889 covered-entity status, and produces evidence that holds up under federal grant audit.

The compliance shape

What federal grant offices actually expect.

Federal research funding now carries device-inventory expectations that have grown more specific over the last five years. The most-cited frameworks:

  • NDAA Section 889 (2019, applied from 2020 onward). Covered-entity hardware (Huawei, ZTE, Hytera, Hangzhou Hikvision, Dahua, and named subsidiaries) cannot be procured with federal funds, used to perform federal work, or operate on networks that touch federal-funded research. The attestation requirement is real; the inventory work to back it up is often missing.
  • NIST SP 800-171 Rev. 3 / 800-172. Required for institutions handling Controlled Unclassified Information from DoD, DOE, and several civilian agencies. Asset-management controls (3.4.1, 3.4.6 in the prior revision) explicitly require an accurate, current device inventory.
  • CMMC Level 2 / Level 3. The DoD contractor framework that university research offices increasingly need to demonstrate compliance against. Asset management is one of fourteen control families.
  • NIH and NSF data-management plans. Increasingly include security-control attestations that depend on the institution's broader inventory posture.

None of these can be satisfied honestly by a spreadsheet that the lab manager updates "when they get to it." The inventory has to be continuous and verifiable.

What CybrIQ does in a research environment

Identification at the moment of plug-in.

The CybrIQ External Scan Engine reads each managed switch via SNMP read-only. When a new device appears on a port, we capture its Layer-1 fingerprint (link negotiation pattern, MAC OUI, LLDP and CDP TLV ordering, port statistics, VLAN context) and match it against the 750-million-device reference library. The output is a vendor and model identification, often within minutes of the device powering on.

For research environments specifically, this matters because the centralized IT team rarely sees instruments before they arrive. The PI orders, the vendor ships, the technician installs. By the time IT would have learned through normal procurement channels, the instrument has been on the network for weeks. With CybrIQ, the security team and the network team see the instrument in the inventory the same day the technician plugs it in.

For Section 889 specifically, the reference library carries the covered-entity flag and the named-subsidiary lookups. A Hikvision OEM camera relabeled by a downstream vendor still resolves to the underlying covered-entity manufacturer in our identification.

A diagram of a federally funded research lab from a network-visibility perspective. The lab bench on the left holds five categories of instrument: a mass spectrometer with embedded acquisition PC (Thermo, Waters, Agilent, Bruker, Sciex), a genomics sequencer (Illumina, PacBio, Oxford Nanopore, Element, Ultima), a confocal or electron microscope with on-instrument compute (Zeiss, Leica, Nikon, Olympus, Hitachi, JEOL), an NMR spectrometer with vendor control workstation (Bruker, JEOL, Oxford Instruments, Magritek), and a flow cytometer (BD, Beckman, Sony, Cytek, Bio-Rad). Each instrument attaches to a research-VLAN managed switch through a wall jack. The CybrIQ External Scan Engine reads the switch via SNMP with read-only credentials and identifies each instrument at Layer 1, often within minutes of power-on. A Section 889 covered-entity detection block is highlighted: the reference library carries the covered-entity flag for Huawei, ZTE, Hytera, Hangzhou Hikvision, Dahua, and named subsidiaries, and OEM-relabeled cameras still resolve to the underlying covered-entity manufacturer. The output is a signed monthly inventory mapped to NIST 800-171 Rev. 3, CMMC Level 2 or 3, NDAA Section 889, and FISMA / SOC 2 Type II controls, in PDF, CSV, and JSON with SHA-256 integrity hashes, suitable for federal grant audit (NIH, NSF, DoD).

Instruments we routinely identify

A non-exhaustive list of what shows up on a lab port.

  • Mass spectrometers with embedded acquisition PCs (Thermo, Waters, Agilent, Bruker, Sciex).
  • NMR and EPR spectrometers with vendor-supplied control workstations.
  • Confocal and electron microscopes with on-instrument compute (Zeiss, Leica, Nikon, Olympus, Thermo Fisher, Hitachi, JEOL).
  • Genomics sequencers (Illumina, Pacific Biosciences, Oxford Nanopore, Element Biosciences, Ultima Genomics).
  • Flow cytometers (BD, Beckman, Sony, Cytek, Bio-Rad).
  • HPLC, FPLC, and chromatography systems with vendor control PCs.
  • Lab automation hardware (Hamilton, Tecan, Beckman, Agilent liquid handlers).
  • Environmental monitoring systems (incubator monitors, freezer monitors, lab-wide environmental sensors from Vaisala, Onset, Cooper-Atkins, and others).
  • Imaging cameras on microscopes, plate readers, and dedicated imaging stations.
  • Specialized DAQ hardware (National Instruments, Measurement Computing, Vernier, vendor-specific custom).

For each, we identify the vendor, model, firmware where the device exposes it via LLDP, switch port, VLAN, and the date we first saw it on the network.

Why this matters at federal-audit time

When the federal grant office or a DoD program office asks "what is on the research network and is any of it covered-entity hardware," the institutional answer needs to be evidence-grade and current to the date of the request. CybrIQ produces a signed inventory with a SHA-256 hash and the date of generation, mapped to the relevant Section 889 and NIST 800-171 controls. The grant office can attach the document directly to their work paper.
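
As an added illustration of the covered-entity flagging and the hashed inventory export described above (this is not CybrIQ code or its export schema; the record fields, sample devices and function names are assumptions made for the example), the sketch below flags records whose label or OUI registrant matches a covered entity and computes a SHA-256 digest over a canonical JSON export:

```python
import hashlib
import hmac
import json
import re

# Covered entities as listed on this page; named subsidiaries would come from
# the official list and are not reproduced here.
COVERED = {
    "Huawei": r"\bhuawei\b",
    "ZTE": r"\bzte\b",            # word boundary: must not match "Aztec"
    "Hytera": r"\bhytera\b",
    "Hangzhou Hikvision": r"\bhikvision\b",
    "Dahua": r"\bdahua\b",
}

# Constructed sample records. Field names are assumptions, not a vendor schema.
INVENTORY = [
    {"port": "Gi1/0/12", "vlan": 310, "label_vendor": "Illumina",
     "oui_registrant": "Illumina, Inc.", "first_seen": "2024-03-04"},
    {"port": "Gi1/0/17", "vlan": 310, "label_vendor": "ExampleCam (constructed)",
     "oui_registrant": "Hangzhou Hikvision Digital Technology Co.,Ltd.",
     "first_seen": "2024-03-06"},
    {"port": "Gi1/0/21", "vlan": 310, "label_vendor": "Aztec Instruments (constructed)",
     "oui_registrant": "Aztec Instruments (constructed)", "first_seen": "2024-03-09"},
]

def covered_entity(record):
    """Return the covered-entity name matched by any identity field, else None."""
    # Check the OUI registrant as well as the label, so a relabeled OEM device
    # is still attributed to the underlying manufacturer.
    fields = ("label_vendor", "oui_registrant", "lldp_sys_descr")
    text = " ".join(str(record.get(f, "")) for f in fields).lower()
    for name, pattern in COVERED.items():
        if re.search(pattern, text):
            return name
    return None

def build_export(records):
    """Serialize flagged records canonically and return (bytes, sha256 hex)."""
    flagged = [dict(r, section_889=covered_entity(r)) for r in records]
    body = json.dumps(flagged, sort_keys=True, separators=(",", ":")).encode()
    return body, hashlib.sha256(body).hexdigest()

def verify_export(body, expected_hex):
    """Recompute the digest over the received bytes and compare in constant time."""
    return hmac.compare_digest(hashlib.sha256(body).hexdigest(), expected_hex)
```

A bare digest only detects changes when it is obtained separately from the file or is covered by the signature; anyone able to edit an unsigned export can also recompute its hash.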

Walk this against your research environment.

30 minutes with a CybrIQ engineer. We ask about the labs in scope, the federal programs you have active, the network shape (separate research VLAN versus shared), and the audit or attestation cycle driving the conversation. No proposal pressure.