Inventory and Control of Software Assets
Actively manage (inventory, track, and correct) all software (operating systems and applications) on the network so that only authorized software is installed and can execute, and that unauthorized and unmanaged software is found and prevented from installation or execution.
Why Is This Control Critical?
A complete software inventory is a critical foundation for preventing attacks. Attackers continuously scan target enterprises looking for vulnerable versions of software that can be remotely exploited. For example, if a user opens a malicious website or attachment with a vulnerable browser, an attacker can often install backdoor programs and bots that give the attacker long-term control of the system. Attackers can also use this access to move laterally through the network. One of the key defenses against these attacks is updating and patching software. However, without a complete inventory of software assets, an enterprise cannot determine whether it has vulnerable software or whether there are potential licensing violations.
Safeguards (7)
| ID | Title | Asset Type | Function | Implementation Groups |
|---|---|---|---|---|
| 2.1 | Establish and Maintain a Software Inventory | Applications | Identify | IG1, IG2, IG3 |
| 2.2 | Ensure Authorized Software is Currently Supported | Applications | Identify | IG1, IG2, IG3 |
| 2.3 | Address Unauthorized Software | Applications | Respond | IG1, IG2, IG3 |
| 2.4 | Utilize Automated Software Inventory Tools | Applications | Detect | IG2, IG3 |
| 2.5 | Allowlist Authorized Software | Applications | Protect | IG2, IG3 |
| 2.6 | Allowlist Authorized Libraries | Applications | Protect | IG2, IG3 |
| 2.7 | Allowlist Authorized Scripts | Applications | Protect | IG3 |