2.4
IG2 IG3

Utilize Automated Software Inventory Tools

Asset Type: Applications
Security Function: Detect

Description

Utilize software inventory tools, when possible, throughout the enterprise to automate the discovery and documentation of installed software.

Implementation Checklist

1. Deploy detection tools or enable detection capabilities
2. Configure alerting thresholds and notification channels
3. Establish monitoring schedule and review process
4. Test detection capabilities with simulated events
5. Document detection procedures and escalation paths
6. Select and deploy inventory management tool
7. Populate initial inventory with all known assets
8. Establish process for adding/removing inventory entries

Threats & Vulnerabilities (CIS RAM)

Threat Scenarios

Undetected Software Installation by Threat Actors

Confidentiality

Attackers install persistence tools, keyloggers, or lateral movement utilities that go undetected because no automated tooling monitors for new software installations.

Drift from Approved Software Baseline

Integrity

Without automated discovery, manual inventory becomes stale rapidly as users install unapproved applications, creating an expanding and invisible attack surface.

Vulnerabilities (When Safeguard Absent)

Manual-Only Software Discovery

Relying on manual processes to track installed software across the enterprise is error-prone and cannot scale, resulting in chronically incomplete and outdated inventories.

No Real-Time Visibility into Software Changes

Without automated inventory tools, there is no mechanism to detect when new software is installed or existing software is modified between manual audit cycles.
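
The change detection described above, sketched as an added example (not part of the original safeguard text or any CIS tooling): two inventory snapshots are compared and each difference is classified against an approved baseline. The CSV layout (host, name, version), the sample rows, and the APPROVED set are constructed assumptions; a real export from an inventory tool would replace them.

```python
import csv
import io

# Constructed sample exports (host,name,version); not real inventory data.
PREVIOUS = """host,name,version
ws-01,7-Zip,23.01
ws-01,Firefox,125.0
ws-02,Firefox,125.0
ws-02,PuTTY,0.80
"""
CURRENT = """host,name,version
ws-01,7-Zip,23.01
ws-01,Firefox,126.0
ws-01,RemoteAdminTool,1.4
ws-02,Firefox,125.0
"""
# Hypothetical approved-software baseline, keyed by normalized product name.
APPROVED = {"7-zip", "firefox", "putty"}


def load(export_text):
    """Parse an export into {(host, normalized name): version}."""
    rows = csv.DictReader(io.StringIO(export_text))
    return {(r["host"].strip().lower(), r["name"].strip().lower()): r["version"].strip()
            for r in rows}


def diff_inventory(previous, current, approved):
    """Classify every per-host difference between two snapshots."""
    findings = []
    for key in sorted(current.keys() | previous.keys()):
        host, name = key
        old, new = previous.get(key), current.get(key)
        if old is None:  # present now, absent at the last snapshot
            kind = "installed" if name in approved else "installed-unapproved"
            findings.append((kind, host, name, new))
        elif new is None:  # present before, gone now
            findings.append(("removed", host, name, old))
        elif old != new:  # same product, different version
            findings.append(("version-changed", host, name, f"{old} -> {new}"))
    return findings


if __name__ == "__main__":
    for finding in diff_inventory(load(PREVIOUS), load(CURRENT), APPROVED):
        print(*finding, sep="\t")
```

Run on every scheduled export, the "installed-unapproved" findings are the ones to route to the alerting channel; the other kinds feed the inventory review.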

Evidence Requirements

| Type | Evidence Item | Collection Frequency |
|---|---|---|
| Technical | Detection tool deployment evidence (dashboard screenshots, agent status) | Captured monthly |
| Technical | Sample alert/detection output demonstrating capability | Captured quarterly |
| Technical | Asset/software inventory export with required fields populated | Exported quarterly for review |
| Record | Inventory review meeting minutes or sign-off | Per review cycle |
| Document | Governing policy document (current, approved, communicated) | Reviewed annually |