Inventory and Control of Software Assets
CIS Control 2
Actively manage (inventory, track, and correct) all software on the network so that only authorized software is installed and can execute, and that unauthorized and unmanaged software is found and prevented from installation or execution.
Why is this Critical?
Similar to CIS Control 1, this control emphasizes the need for developing and maintaining a comprehensive inventory of the organization’s software. This can be a daunting task given the ease in which software can be downloaded from the internet. Every organization should know what software has been installed, who installed it, and what it does. Controls 1 and 2 are recommended to be worked together.