Recommendations from the Center for Internet Security

In our last blog, we started a new series that focuses on security recommendations from the Center for Internet Security (CIS). As a reminder, the CIS framework consists of 18 controls that are organized by importance.

We previously discussed control #1 which was inventory and control of enterprise assets. This month, we are focusing on Control #2 which calls for an actively managed software inventory. CIS Recommends that every organization should:

• Make an inventory of all software installed on enterprise assets

• Confirm what software is and is not authorized

• Confirm what software is being actively updated and supported by the software author

• Confirm that all software is properly licensed

• Document any exceptions and detail controls and risk acceptance

• Review monthly and take action to remove unauthorized software

CHTS is happy to assist you with your organization’s software inventory and make recommendations for how to monitor it! Call us at 719-264-1384 and ask to speak to your Team Manager.