Соответствие требованиям

Куда я попал?

SECURITM это SGRC система, автоматизирующая процессы в службах информационной безопасности. SECURITM помогает построить и управлять ИСПДн, КИИ, ГИС, СМИБ/СУИБ, банковскими системами защиты.
А еще SECURITM это место для обмена опытом и наработками для служб безопасности.

Подробнее

Наш канал

CIS Critical Security Controls v8 (The 18 CIS CSC)

Framework

Software Assets

Для проведения оценки соответствия по документу войдите в систему.

Список требований

Показывать только требования

Control 02. Inventory and Control of Software Assets
Actively manage (inventory, track, and correct) all software (operating systems and applications) on the network so that only authorized software is installed and can execute, and that unauthorized and unmanaged software is found and prevented from installation or execution.
2.1 Establish and Maintain a Software Inventory
Establish and maintain a detailed inventory of all licensed software installed on enterprise assets. The software inventory must document the title, publisher, initial install/use date, and business purpose for each entry; where appropriate, include the Uniform Resource Locator (URL), app store(s), version(s), deployment mechanism, and decommission date. Review and update the software inventory bi-annually, or more frequently.

Обязательно для implementation Group 1 2 3
2.2 Ensure Authorized Software is Currently Supported
Ensure that only currently supported software is designated as authorized in the software inventory for enterprise assets. If software is unsupported, yet necessary for the fulfillment of the enterprise’s mission, document an exception detailing mitigating controls and residual risk acceptance. For any unsupported software without an exception documentation, designate as unauthorized. Review the software list to verify software support at least monthly, or more frequently.

Обязательно для implementation Group 1 2 3
2.3 Address Unauthorized Software
Ensure that unauthorized software is either removed from use on enterprise assets or receives a documented exception. Review monthly, or more frequently

Обязательно для implementation Group 1 2 3
2.4 Utilize Automated Software Inventory Tools
Utilize software inventory tools, when possible, throughout the enterprise to automate the discovery and documentation of installed software.

Обязательно для implementation Group 2 3
2.5 Allowlist Authorized Software
Use technical controls, such as application allowlisting, to ensure that only authorized software can execute or be accessed. Reassess bi-annually, or more frequently.

Обязательно для implementation Group 2 3
2.6 Allowlist Authorized Libraries
Use technical controls to ensure that only authorized software libraries, such as specific .dll, .ocx, .so, etc., files are allowed to load into a system process. Block unauthorized libraries from loading into a system process. Reassess bi-annually, or more frequently.

Обязательно для implementation Group 2 3
2.7 Allowlist Authorized Scripts
Use technical controls, such as digital signatures and version control, to ensure that only authorized scripts, such as specific .ps1, .py, etc., files are allowed to execute. Block unauthorized scripts from executing. Reassess bi-annually, or more frequently.

Обязательно для implementation Group 3

Связанные защитные меры

Ничего не найдено