CIS Controls 2.4 Utilize Automated Software Inventory Tools
The Center for Internet Security Controls or #CISControls have become an industry standard to help businesses and organizations of all sizes to maintain an industry standard of #Cybersecurity controls.
The 153 #Safeguards, which are found in the 18 controls, are a foundation to protecting your technology and data. They are not rocket science and the majority you can start to implement today.
Follow along as I outline and simplify the safeguards as we work together and #SecureIT.
We kick off the week with Safeguard 2.4 which Is utilizing an automated software inventory tool when possible to automate the discovery and documentation of installed software.
Safeguard 2.4 is only required with #ImplementationGroup2 and #IG3but if by utilizing a tool to automate your #SoftwareInventory you will also check off Safeguard 2.1.
STOP!!!
It's very possible you are already using a tool that does this. The majority of Remote Monitoring and Management Tools (RMM) as they maintain a list of systems for remote access, they will typically provide you an inventory of software installed on each system. RMMs typically are targeting your Windows, Macs, or Linux systems and some may also dive into your mobile devices with Mobile Device Management add-ons. In order to comply you do need to maintain the software inventory for all company assets.
Tools like Microsoft #Intune, N-able N-Central, ConnectWise, Kaseya, Autotask Corporation, Barracuda MSP, Syncro, NinjaOne, ManageEngine all likely provide some sort of a list functionality within the other functions.
Liongard or Netwrix Corporation expands on what the RMM does but can focus on more in-depth analysis and historical records of what software was installed, versions, and more.
No matter what tool you find or choose to implement it is critical to ensure that there is integration into the inventory/documentation tool that you are using to ensure compliance with Safeguard 2.1.
Again, while 2.4 is not required for IG1 this really is a no-brainer to incorporate and typically is a low-cost add-on if you're not already doing it.
Join the conversation at https://www.linkedin.com/posts/scottrdavispa_ciscontrols-cybersecurity-safeguards-activity-7071611390171475968-uHHt?utm_source=share&utm_medium=member_desktop