What is the main purpose of CSC 02 inventory of authorized and unauthorized software?

  • CIS Critical Security Controls v7.1, Control 2: Inventory and Control of Software Assets

Control Statement

Actively manage (inventory, track, and correct) all software on the network so that only authorized software is installed and can execute, and that unauthorized and unmanaged software is found and prevented from installation or execution.


Subcontrols

2.1: Maintain Inventory of Authorized Software

Maintain an up-to-date list of all authorized software that is required in the enterprise for any business purpose on any business system.

2.2: Ensure Software is Supported by Vendor

Ensure that only software applications or operating systems currently supported and receiving vendor updates are added to the organization's authorized software inventory. Unsupported software should be tagged as unsupported in the inventory system.

2.3: Utilize Software Inventory Tools

Utilize software inventory tools throughout the organization to automate the documentation of all software on business systems.

2.4: Track Software Inventory Information

The software inventory system should track the name, version, publisher, and install date for all software, including operating systems authorized by the organization.

2.5: Integrate Software and Hardware Asset Inventories

The software inventory system should be tied into the hardware asset inventory so all devices and associated software are tracked from a single location.

2.6: Address Unapproved Software

Ensure that unauthorized software is either removed or the inventory is updated in a timely manner.
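Sub-controls 2.1 to 2.6 describe one reconciliation loop: collect what is installed, compare it with the authorized list (tagging entries whose vendor support has ended), cross-check the device set against the hardware inventory, and produce a list of things to remove or re-authorize. The script below is an added example, not CIS or csf.tools code, and every input is constructed inline: the host names, packages, end-of-support dates and the assessment date AS_OF are all made up for the run. In practice the inventory rows would come from an inventory tool's export and the hardware host set from CSC 1.

```python
"""Reconcile a software inventory against the authorized list and the hardware
inventory, covering CSC v7.1 sub-controls 2.1 to 2.6 in one pass.

Added example, not CIS or csf.tools code. Every input is constructed inline;
in practice the inventory rows come from a tool such as osquery, SCCM or a
dpkg/rpm query exported as CSV, and the hardware host list from CSC 1.
"""
import csv
import io
from datetime import date

# Constructed export: one row per (host, package) with the four fields 2.4 requires.
INVENTORY_CSV = """\
host,name,version,publisher,install_date
ws-001,Mozilla Firefox,115.0.2,Mozilla,2024-01-15
ws-001,7-Zip,23.01,Igor Pavlov,2023-11-02
ws-001,Windows 10 Enterprise,10.0.19045,Microsoft,2023-06-20
ws-002,Mozilla Firefox,91.0,Mozilla,2022-03-01
ws-002,uTorrent,3.6.0,BitTorrent Inc.,2024-02-10
srv-009,Windows Server 2012 R2,6.3.9600,Microsoft,2019-05-11
"""

# Constructed hardware asset inventory (2.5): ws-002 is absent from it, and
# srv-010 is listed but reported no software.
HARDWARE_HOSTS = frozenset({"ws-001", "srv-009", "srv-010"})

# Constructed authorized list (2.1): name -> vendor end-of-support date, or None
# while the vendor still ships updates. Unsupported entries are kept and
# tagged rather than deleted (2.2).
AUTHORIZED = {
    "Mozilla Firefox": None,
    "7-Zip": None,
    "Windows 10 Enterprise": date(2025, 10, 14),
    "Windows Server 2012 R2": date(2023, 10, 10),
}

# Constructed assessment date so the run is reproducible offline.
AS_OF = date(2024, 6, 1)


def parse_inventory(text):
    """Parse the CSV export into dicts keyed by the header row."""
    return list(csv.DictReader(io.StringIO(text)))


def support_status(name, today, authorized=AUTHORIZED):
    """'supported', 'unsupported' or 'unauthorized' for one package name (2.2)."""
    if name not in authorized:
        return "unauthorized"
    eos = authorized[name]
    return "unsupported" if eos is not None and eos < today else "supported"


def reconcile(rows, hardware_hosts, today, authorized=AUTHORIZED):
    """Return the findings that drive 2.6 (remove or re-authorize) and 2.5."""
    findings = {"unauthorized": [], "unsupported": []}
    seen_hosts = set()
    for r in rows:
        seen_hosts.add(r["host"])
        status = support_status(r["name"], today, authorized)
        if status == "unauthorized":
            findings["unauthorized"].append((r["host"], r["name"], r["version"]))
        elif status == "unsupported":
            eos = authorized[r["name"]].isoformat()
            findings["unsupported"].append((r["host"], r["name"], eos))
    # 2.5: both inventories must agree on the set of devices.
    findings["hosts_not_in_hardware"] = sorted(seen_hosts - hardware_hosts)
    findings["hosts_without_software"] = sorted(hardware_hosts - seen_hosts)
    return findings


def run_report(today=AS_OF):
    """Run the reconciliation over the constructed inputs."""
    return reconcile(parse_inventory(INVENTORY_CSV), HARDWARE_HOSTS, today)


if __name__ == "__main__":
    for category, items in run_report().items():
        print(f"{category}:")
        for item in items:
            print("  ", item)
```

Two things the output makes visible that a spreadsheet of package names does not: a host that reports software but is unknown to the hardware inventory (ws-002) is itself a finding, and an unsupported operating system stays in the authorized list with a tag instead of silently becoming "unauthorized". Version drift (ws-002's Firefox 91.0 against 115.0.2 elsewhere) is deliberately not flagged here; that is CSC 3's job, but the inventory is what makes it detectable.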

2.7: Utilize Application Whitelisting

Utilize application whitelisting technology on all assets to ensure that only authorized software executes and all unauthorized software is blocked from executing on assets.

2.8: Implement Application Whitelisting of Libraries

The organization's application whitelisting software must ensure that only authorized software libraries (such as *.dll, *.ocx, *.so, etc.) are allowed to load into a system process.

2.9: Implement Application Whitelisting of Scripts

The organization's application whitelisting software must ensure that only authorized, digitally signed scripts (such as *.ps1, *.py, macros, etc.) are allowed to run on a system.
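Sub-controls 2.7, 2.8 and 2.9 are three separate enforcement scopes, and products such as AppLocker, WDAC and fapolicyd enforce each file class independently, so a policy with executable rules alone leaves libraries and scripts unchecked. The model below is an added example, not CIS code and not a real enforcement engine: it reproduces the shared rule types (hash, publisher, path) and per-class enforcement so a weak policy can be compared with a corrected one. All paths, file contents and the signer name "CN=Contoso Corp" are constructed.

```python
"""Model of an application-allowlisting decision covering executables (2.7),
libraries (2.8) and scripts (2.9), with a weak policy beside a corrected one.

Added example, not CIS code and not a real enforcement engine: it imitates the
rule types AppLocker, WDAC and fapolicyd share (hash, publisher, path) and the
fact that each file class is enforced separately. File contents, signers and
paths are all constructed.
"""
import hashlib
from dataclasses import dataclass
from typing import FrozenSet, List, Optional, Tuple


@dataclass(frozen=True)
class FileEvent:
    path: str
    kind: str                 # "exe", "dll" or "script"
    content: bytes            # constructed stand-in for the file bytes
    signer: Optional[str]     # subject of a valid code signature, None if unsigned

    def sha256(self) -> str:
        return hashlib.sha256(self.content).hexdigest()


@dataclass(frozen=True)
class Rule:
    kind: str                 # "hash", "publisher" or "path"
    value: str
    applies_to: FrozenSet[str]


@dataclass
class Policy:
    enforced_kinds: FrozenSet[str]   # file classes the engine checks at all
    rules: List[Rule]
    require_signed_scripts: bool = True


def decide(policy: Policy, ev: FileEvent) -> Tuple[bool, str]:
    """Default-deny decision for one execute/load event."""
    if ev.kind not in policy.enforced_kinds:
        return True, "class not enforced"      # the gap 2.8 and 2.9 exist to close
    if ev.kind == "script" and policy.require_signed_scripts and ev.signer is None:
        return False, "unsigned script"        # 2.9: a signature is required first
    for r in policy.rules:
        if ev.kind not in r.applies_to:
            continue
        if r.kind == "hash" and r.value == ev.sha256():
            return True, "hash rule"
        if r.kind == "publisher" and ev.signer == r.value:
            return True, "publisher rule"
        if r.kind == "path" and ev.path.lower().startswith(r.value.lower()):
            return True, "path rule " + r.value
    return False, "no matching rule"


ALL = frozenset({"exe", "dll", "script"})
SEVEN_ZIP = b"constructed bytes standing in for 7z.exe"

# Weak policy: only executables are enforced, and a path rule trusts every
# user profile, so anything dropped under C:\Users runs.
WEAK = Policy(
    enforced_kinds=frozenset({"exe"}),
    rules=[
        Rule("path", "C:\\Program Files\\", frozenset({"exe"})),
        Rule("path", "C:\\Users\\", frozenset({"exe"})),
    ],
)

# Corrected policy: all three classes enforced; trust comes from a publisher
# or a hash, and the only path rule covers a directory standard users cannot
# write to.
STRICT = Policy(
    enforced_kinds=ALL,
    rules=[
        Rule("publisher", "CN=Contoso Corp", ALL),
        Rule("hash", hashlib.sha256(SEVEN_ZIP).hexdigest(), frozenset({"exe"})),
        Rule("path", "C:\\Program Files\\", frozenset({"exe", "dll"})),
    ],
)

# Constructed events: a signed vendor binary, its unsigned helper library, a
# payload in a temp directory, a hash-approved tool in Downloads, a sideloaded
# DLL, and a signed and an unsigned script.
EVENTS = [
    FileEvent(r"C:\Program Files\App\app.exe", "exe", b"app", "CN=Contoso Corp"),
    FileEvent(r"C:\Program Files\App\helper.dll", "dll", b"helper", None),
    FileEvent(r"C:\Users\alice\AppData\Local\Temp\payload.exe", "exe", b"payload", None),
    FileEvent(r"C:\Users\alice\Downloads\7z.exe", "exe", SEVEN_ZIP, None),
    FileEvent(r"C:\Users\alice\sideload.dll", "dll", b"sideload", None),
    FileEvent(r"C:\Users\alice\deploy.ps1", "script", b"deploy", "CN=Contoso Corp"),
    FileEvent(r"C:\Users\alice\macro.ps1", "script", b"macro", None),
]


def evaluate(policy: Policy, events=EVENTS):
    """Map each path to its (allowed, reason) under the given policy."""
    return {ev.path: decide(policy, ev) for ev in events}


if __name__ == "__main__":
    for ev in EVENTS:
        print(f"{ev.path:55} weak={decide(WEAK, ev)[0]!s:5} strict={decide(STRICT, ev)[0]!s:5}")
```

Under WEAK every event is allowed: the DLLs and scripts are never examined, and the C:\Users path rule lets the temp-directory payload run. Under STRICT the payload, the sideloaded DLL and the unsigned script are blocked, while the hash-approved 7z.exe still runs from Downloads because a hash rule is location-independent. The remaining path rule is only safe on the assumption, stated in the comment, that standard users cannot write under C:\Program Files; a user-writable subdirectory there would reopen the hole.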

2.10: Physically or Logically Segregate High Risk Applications

Physically or logically segregated systems should be used to isolate and run software that is required for business operations but incurs higher risk for the organization.

Control 2 in CIS Controls v8: Inventory and Control of Software Assets

Actively manage (inventory, track, and correct) all software (operating systems and applications) on the network so that only authorized software is installed and can execute, and that unauthorized and unmanaged software is found and prevented from installation or execution.

Why is this CIS Control Critical?

A complete software inventory is a critical foundation for preventing attacks. Attackers continuously scan target enterprises looking for vulnerable versions of software that can be remotely exploited. For example, if a user opens a malicious website or attachment with a vulnerable browser, an attacker can often install backdoor programs and bots that give the attacker long-term control of the system. Attackers can also use this access to move laterally through the network. One of the key defenses against these attacks is updating and patching software. However, without a complete inventory of software assets, an enterprise cannot determine whether it has vulnerable software, or whether there are potential licensing violations.

Even if a patch is not yet available, a complete software inventory list allows an enterprise to guard against known attacks until the patch is released. Some sophisticated attackers use “zero-day exploits”, which take advantage of previously unknown vulnerabilities that have yet to have a patch released by the software vendor. Depending on the severity of the exploit, an enterprise can implement temporary mitigation measures to guard against attacks until the patch is released.

Management of software assets is also important to identify unnecessary security risks. An enterprise should review their software inventory to identify any enterprise assets running software that is not needed for business purposes. For example, an enterprise asset may come installed with default software that creates a potential security risk and provides no benefit to the enterprise. It is critical to inventory, understand, assess, and manage all software connected to an enterprise’s infrastructure.

Safeguards (CIS Controls v8):

  • 2.1: Establish and Maintain a Software Inventory
  • 2.2: Ensure Authorized Software is Currently Supported
  • 2.3: Address Unauthorized Software
  • 2.4: Utilize Automated Software Inventory Tools
  • 2.5: Allowlist Authorized Software
  • 2.6: Allowlist Authorized Libraries
  • 2.7: Allowlist Authorized Scripts

What is the most effective way to ensure that only authorized software is allowed to run on the system?

This is Safeguard 2.5 (Allowlist Authorized Software) in CIS Controls v8.

Description: Use technical controls, such as application allowlisting, to ensure that only authorized software can execute or be accessed. Reassess bi-annually, or more frequently.

Notes: As in version 7, this is one of the most important safeguards to implement.

What is inventory and control of hardware assets?

What it is: Inventory and Control of Hardware Assets (Control 1) is part of the "basic" group of the CIS Top 20 Critical Security Controls. It addresses the need to know what is on your network, and equally what should not be there.

What is the CSC framework?

Outside of security, CSC also abbreviates Crisis Standards of Care, an unrelated framework: it provides a systems approach to the development and implementation of CSC plans, and addresses the legal issues and the ethical, palliative care, and mental health issues that agencies and organizations at each level of a disaster response should address.

What are the CIS 20 controls?

Creating your Critical Controls strategy:

  • Control 1: Inventory and Control of Hardware Assets
  • Control 2: Inventory and Control of Software Assets
  • Control 3: Continuous Vulnerability Management
  • Control 4: Controlled Use of Administrative Privileges