CIS Control 2: Inventory and Control of Software Assets

5 years ago Matthew Jerzewski

Today, I will be going over CIS Control 2 from version 8 of the top 18 CIS Controls – Inventory and Control of Software Assets. Version 7 of CIS Controls had 10 requirements, but in version 8, it’s simplified down to seven safeguards. I will go over those safeguards and offer my thoughts on what I’ve found.

Key Takeaways for Control 2

  • Reusability. The tools that were mentioned in CIS Control 1 will also be used in CIS Control 2. Reusing tools that accomplish goals for both Controls 1 and 2 can help cut costs as well as help you gain familiarity and knowledge of the extent of the tools’ capabilities.
  • Establish a secure baseline. Establishing a baseline of installed software enables an organization to respond to active threats, avoid license violations, and identify unnecessary security risks. Commercial software inventory and vulnerability scanning tools can assist in this process.
  • Enforce with allowlist. Many options exist for defining a precise allowlist to govern what software, libraries, or scripts may execute on a system. A strong policy can impede attackers who might be attempting to gain elevated access to a system.

Safeguards for Control 2

2.1) Establish and Maintain a Software Inventory

Description: Establish and maintain a detailed inventory of all licensed software installed on enterprise assets. The software inventory must document the title, publisher, initial install/use date, and business purpose for each entry. Where appropriate, it must also include the Uniform Resource Locator (URL), app store(s), version(s), deployment mechanism, and decommission date. It’s important to review and update the software inventory bi-annually or more frequently.

Notes: This safeguard is supported by safeguard 2.4 regarding automated software inventory. Automated tools can greatly help with developing and maintaining the software inventory, as required by this safeguard. Have a document or database ready for frequent updating to ensure you have the latest software versions. Maintaining current software is critical, as updates often resolve security problems.

2.2) Ensure Authorized Software is Currently Supported

Description: Ensure that only currently supported software is designated as authorized in the software inventory for enterprise assets. If software is unsupported yet necessary for the fulfillment of the enterprise’s mission, document an exception detailing mitigating controls and residual risk acceptance. For any unsupported software without an exception documentation, designate as unauthorized. Review the software list to verify software support at least monthly or more frequently.

Notes: Running unsupported software elevates the risk that attackers will be able to exploit the software for malicious ends. If an unsupported software package is necessary for the enterprise, an exception must be requested to determine whether the risk can be accepted.   

2.3) Address Unauthorized Software

Description: Ensure that unauthorized software is either removed from use on enterprise assets or that it receives a documented exception. Review monthly or more frequently.

Notes: Leaving unauthorized software on an asset exposes the enterprise to unmanaged risk. The inventory produced by safeguard 2.1 should be compared against the active network on at least a monthly basis. It is critical to remove or quarantine any software that has been flagged.  
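The review cycle described in safeguards 2.1 to 2.3 can be sketched as a reconciliation job. This is an added example, not code from the original article or from CIS; the record layout, host names, software titles, and exception ID are constructed for illustration.

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional

@dataclass(frozen=True)
class InventoryEntry:
    """One row of the 2.1 inventory (hypothetical layout, subset of fields)."""
    title: str
    publisher: str
    version: str
    business_purpose: str
    support_ends: Optional[date]         # None: no end-of-support date published
    exception_id: Optional[str] = None   # documented exception (2.2), if any

# Constructed sample inventory.
INVENTORY = [
    InventoryEntry("ExampleOffice", "Example Corp", "16.0", "Productivity", date(2030, 1, 1)),
    InventoryEntry("LegacyERP", "Old Vendor", "4.2", "Finance", date(2019, 6, 30), "EXC-0001"),
    InventoryEntry("OldViewer", "Old Vendor", "1.0", "Document viewing", date(2020, 1, 1)),
]

# Constructed output of an automated discovery scan (2.4): (host, title, version).
DISCOVERED = [
    ("ws-01", "ExampleOffice", "16.0"),
    ("ws-01", "OldViewer", "1.0"),
    ("ws-02", "LegacyERP", "4.2"),
    ("ws-02", "UnlistedTool", "3.1"),
]

def classify(entry, today):
    """Apply 2.2: supported, or unsupported with an exception, is authorized."""
    if entry is None:
        return "unauthorized: not in inventory"
    if entry.support_ends is None or entry.support_ends >= today:
        return "authorized"
    if entry.exception_id:
        return f"authorized by exception {entry.exception_id}"
    return "unauthorized: unsupported, no exception"

def reconcile(inventory, discovered, today):
    """Compare what was found on hosts with the inventory, keyed by title and version."""
    index = {(e.title, e.version): e for e in inventory}
    return [(host, title, version, classify(index.get((title, version)), today))
            for host, title, version in discovered]

def needs_action(findings):
    """Rows that 2.3 requires to be removed or given a documented exception."""
    return [f for f in findings if f[3].startswith("unauthorized")]
```

Because the lookup key includes the version, an installed version that differs from the inventoried one is also reported as not in inventory.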

2.4) Utilize Automated Software Inventory Tools

Description: When possible, utilize software inventory tools throughout the enterprise to automate the discovery and documentation of installed software.

Notes: Manually cataloging asset and software inventory can be a tedious task. It is a time-consuming process, and it can be riddled with user error. Selecting an automated solution is a must. Tripwire offers IP360, an automated tool which can scan environments for new software and drive populating your inventory databases.

2.5) Allowlist Authorized Software

Description: Use technical controls such as application allowlisting to ensure that only authorized software can execute or be accessed. Reassess bi-annually or more frequently.

Notes: As in version 7, this is one of the most important safeguards to implement. Having the ability to allowlist software will help prevent unauthorized software from being installed on your organization’s assets. It is important to note the distinction here between a blocklist and an allowlist. Blocklists prevent specific undesirable programs from executing, while allowlists limit execution to what has been explicitly permitted to run. An allowlist can be defined on a range of attributes, including file name/path/size or a known cryptographic hash or signature. Enabling an allowlist of software establishes the baseline for your scanning and gives you better insight for locating and isolating unauthorized software.
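To make the blocklist/allowlist distinction and the choice of rule attribute concrete, here is an added example (not from the original article and not any product's policy engine). The rule format, paths, and file contents are constructed, and byte strings stand in for real files.

```python
import hashlib
from fnmatch import fnmatch

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

# Constructed stand-ins for file contents; no real binaries are involved.
TOOL_V1 = b"approved-tool build 1.0 (constructed)"
TOOL_V2 = b"approved-tool build 1.1 (constructed)"
UNREVIEWED = b"program nobody has reviewed (constructed)"
UNWANTED = b"program already known to be unwanted (constructed)"

# Hypothetical rule format: (attribute, value). Anything unmatched is denied.
ALLOW_RULES = [
    ("hash", sha256_hex(TOOL_V1)),
    ("path", "/opt/vendor/*"),
]
BLOCK_HASHES = {sha256_hex(UNWANTED)}

def allowlist_decision(path, data, rules=ALLOW_RULES):
    """Return (verdict, matched_rule); the default verdict is deny."""
    digest = sha256_hex(data)
    for attr, value in rules:
        if attr == "hash" and digest == value:
            return "allow", f"hash:{value[:12]}"
        if attr == "path" and fnmatch(path, value):
            return "allow", f"path:{value}"
    return "deny", "default"

def blocklist_decision(data):
    """Blocklist logic: everything runs unless it is specifically listed."""
    return "deny" if sha256_hex(data) in BLOCK_HASHES else "allow"

SAMPLES = [
    ("/usr/local/bin/tool", TOOL_V1),
    ("/usr/local/bin/tool", TOOL_V2),          # new build: hash rule needs re-approval
    ("/opt/vendor/agent", UNREVIEWED),         # path rule ignores content, so keep the
                                               # directory writable by administrators only
    ("/home/user/Downloads/app", UNREVIEWED),  # unknown: blocklist allows, allowlist denies
    ("/home/user/Downloads/old", UNWANTED),
]

def compare(samples=SAMPLES):
    """Return (path, blocklist verdict, allowlist verdict) per sample."""
    return [(p, blocklist_decision(d), allowlist_decision(p, d)[0]) for p, d in samples]
```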

2.6) Allowlist Authorized Libraries

Description: Use technical controls to ensure that only the files from authorized libraries such as .dll, .ocx, .so, etc. are allowed to load into a system process. Block unauthorized libraries from loading into a system process. Reassess bi-annually or more frequently.

Notes: Similar to safeguard 2.5, this safeguard plays on the same concept of allowlisting authorized software libraries. While some tools like AppLocker are freely available, capability limits may push enterprises toward paid commercial software.

2.7) Allowlist Authorized Scripts

Description: Use technical controls such as digital signatures and version control to ensure that only authorized scripts such as specific .ps1, .py, etc. files are allowed to execute. Block unauthorized scripts from executing. Reassess bi-annually or more frequently.

Notes: Script interpreters are often needed for standard software installations and administrative tasks, but they can open a large security gap for an attacker to use. Creating an allowlist of authorized scripts restricts what an attacker can do on a compromised system. System admins have the added ability to define which users are able to run these scripts.

Read more about the 18 CIS Controls here:

CIS Control 1: Inventory and Control of Enterprise Assets

CIS Control 2: Inventory and Control of Software Assets

The post “CIS Control 2: Inventory and Control of Software Assets” appeared first on TripWire.

Source: TripWire – Matthew Jerzewski
