Understanding CIS Control 2
This week, we’re focusing on CIS Control 2: Inventory of Authorized and Unauthorized Software. More specifically: “Actively manage (inventory, track, and correct) all software on the network so that only authorized software is installed and can execute, and that unauthorized and unmanaged software is found and prevented from installation or execution.” 1
Inventory management can be challenging for any organization, but you can’t protect your systems unless you know what’s running on them. Cybercriminals consistently look for organizations running vulnerable software as an easy entry point into otherwise secure networks. By exploiting such a vulnerability, attackers can collect sensitive information not only from the vulnerable machine but also from other machines connected to the company’s network.
Following Control 2 doesn’t just make organizations more secure – it also provides increased visibility. A detailed software inventory allows organizations to see where applications are duplicated, unnecessary, or otherwise installed without authorization. By eliminating the unwanted applications, the organization can save money and establish standards across the organization. This leads to the ability to accurately report on organizational assets and develop appropriate plans for the future.
Achieving CIS Control 2
How can your organization successfully apply Control 2? There are three key steps:
- identify and document all software
- develop a whitelist of approved software
- manage the software on the system through regular scanning and updates
Documentation can be a major effort, especially for large organizations with many devices and applications. Remember to track not only the software installed on a machine, but also the operating system and its version. Be sure to collect information about each application’s patch level, and verify that the version installed is the one your organization has approved. Commercial tools can automate this process and assist with application whitelisting, which means that only pre-authorized software may be installed or executed on machines. Your whitelist of approved software can be as short or as extensive as your organization needs; the goal is to know, control and continually manage what’s on your network. Once the inventory is complete, routinely scan the network and compare the results against the previous inventory to identify changes: software that has appeared, disappeared, or changed version since the last scan. Keep in mind that organizational policies can help communicate which software has been approved, the process for adding software to your whitelist, and the dangers of introducing unauthorized software onto your networked devices.
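The three steps above (document what is installed, compare it against a whitelist, rescan for changes) can be reduced to a small script. The following is an added example written for this post, not code from CIS or from any commercial tool. It assumes an inventory in the `package<TAB>version` form that `dpkg-query -W -f='${Package}\t${Version}\n'` produces on Debian-based hosts; the two inventory snapshots, the package names and the approved minimum versions are constructed sample data, and the version ordering is a simplified one (digit runs compared numerically, everything else lexically) rather than the full dpkg algorithm.

```python
"""Compare a host's installed-software inventory against a whitelist and a
previous baseline (CIS Control 2, steps 1-3). Added example; all inventory
data below is constructed, not captured from a real host."""
import re

# Constructed sample: what the host reports at today's scan.
CURRENT_INVENTORY = """\
openssh-server\t1:9.2p1-2
curl\t7.88.1-10
nginx\t1.22.1-9
xmrig\t6.21.0
"""

# Constructed sample: the baseline captured at the previous scan.
BASELINE_INVENTORY = """\
openssh-server\t1:9.2p1-2
curl\t7.88.1-8
nginx\t1.22.1-9
"""

# Hypothetical whitelist: approved package -> minimum approved version.
APPROVED = {
    "openssh-server": "1:9.2p1-2+deb12u2",
    "curl": "7.88.1-10",
    "nginx": "1.22.1-9",
}


def parse_inventory(text):
    """Parse 'package<TAB>version' lines into a dict; blank lines are ignored."""
    inventory = {}
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        name, _, version = line.partition("\t")
        inventory[name] = version.strip()
    return inventory


def version_key(version):
    """Sortable key (epoch, tokens). Simplified ordering, not full dpkg rules:
    an epoch before ':' dominates, digit runs compare numerically, other runs
    lexically, and a version that is a prefix of another sorts lower."""
    epoch, sep, rest = version.partition(":")
    if not sep:
        epoch, rest = "0", version
    tokens = []
    for tok in re.findall(r"\d+|\D+", rest):
        # Tag each token so ints and strings never get compared directly.
        tokens.append((1, int(tok)) if tok.isdigit() else (0, tok))
    return (int(epoch), tuple(tokens))


def diff_inventory(baseline, current):
    """Step 3: what changed since the last scan."""
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    changed = sorted(
        (name, baseline[name], current[name])
        for name in set(baseline) & set(current)
        if baseline[name] != current[name]
    )
    return {"added": added, "removed": removed, "changed": changed}


def check_whitelist(current, approved):
    """Step 2: classify each installed package as 'unauthorized' (not on the
    whitelist), 'outdated' (below the approved minimum version) or 'ok'."""
    findings = []
    for name in sorted(current):
        installed = current[name]
        if name not in approved:
            findings.append((name, "unauthorized", installed))
        elif version_key(installed) < version_key(approved[name]):
            findings.append((name, "outdated", f"{installed} < {approved[name]}"))
        else:
            findings.append((name, "ok", installed))
    return findings


def run_scan(baseline_text=BASELINE_INVENTORY, current_text=CURRENT_INVENTORY,
             approved=APPROVED):
    """Step 1 feeds steps 2 and 3: parse both snapshots, then diff and check."""
    baseline = parse_inventory(baseline_text)
    current = parse_inventory(current_text)
    return {"diff": diff_inventory(baseline, current),
            "findings": check_whitelist(current, approved)}


if __name__ == "__main__":
    result = run_scan()
    for key, items in result["diff"].items():
        print(f"{key}: {items}")
    for name, status, detail in result["findings"]:
        if status != "ok":
            print(f"[{status.upper()}] {name}: {detail}")
```

On the sample data the scan reports `xmrig` as newly installed and unauthorized, `curl` as changed since the baseline but at the approved version, and `openssh-server` as below its approved minimum. For production use, replace `version_key` with the packaging system's own comparison (for example `dpkg --compare-versions`), since Debian version ordering has rules for `~`, letters and epochs that the simplified key does not reproduce.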
As with all CIS Controls, software inventory isn’t a one-time check. It is an ongoing responsibility that involves tools, processes, and policies to keep your network current and safe.
Want to know more? Check out these resources:
1. CIS Critical Security Controls for Effective Cyber Defense, Version 6.1.