I am working on a series of posts related to the Center for Internet Security (CIS) Critical Security Controls (CSCs). See the full listing here.
Actively manage (inventory, track, and correct) all software on the network so that only authorized software is installed and can execute, and that unauthorized and unmanaged software is found and prevented from installation or execution.
This control includes ten (10) sub controls. For those of you reviewing the CIS Controls with the Implementation Groups in mind, there are three (3) IG1 controls and five (5) IG2 controls. This means that, at a minimum, we want to:
- Maintain an up-to-date list of all authorized software that is required in the enterprise for any business purpose on any business system.
- Ensure that only software applications or operating systems currently supported and receiving vendor updates are added to the organization’s authorized software inventory. Unsupported software should be tagged as unsupported in the inventory system.
- Ensure that unauthorized software is either removed or the inventory is updated in a timely manner
Great! We’ve got a solid process in place to identify all the physical assets on our network – now we need to understand what is running on each of those devices. The the most basic level, we want to have a list of each software install on each device. This inventory needs to also include the version information, so that we can monitor for, and apply, patches and upgrades. Finally we need to implement a process to remove any unauthorized software once it is detected.
There are several ways to pull this information, but running the following command will pull the following attributes by default (including many others):
# Create a quick CSV file that lists out installed software Get-CimInstance -ClassName Win32_Product | Export-Csv \Path\to\folder\
If you’re comfortable working with objects within PowerShell, you’ll likely want to perform the comparisons directly in the console. If that is not your cup of tea, working with a CSV makes sorting and comparing in a tool like Excel much easier.
Related News Stories
|Commercial||Open-Source & “Freemium”|
|VMware Carbon Black App Control||MS AppLocker|
|Ivanti Endpoint Security||Spiceworks|
|MS System Center||WMIC|
|NEWT Professional (Komodo)||PowerShell – Get-WMIObject / Get-CIMInstance|
The CIS Controls are in version 7.1 at the time of this writing. For more information on this control check out the CIS Control #2 page here.
One thought on “CIS CSC #2 – Inventory and Control of Software Assets”