2.4: Utilize Automated Software Inventory Tools

Utilize software inventory tools, when possible, throughout the enterprise to automate the discovery and documentation of installed software.

Asset Type	Security Function	Implementation Groups
Applications	Detect	2, 3

Dependencies

Safeguard 1.1: Establish and Maintain Detailed Enterprise Asset Inventory
Safeguard 2.3: Address Unauthorized Software

Inputs

GV1: Enterprise asset inventory
GV7: Software capable assets
List of software inventory tools

Operations

Use GV1 and GV7 to identify and enumrate assets unable to support sofware (M2).
For each software capable asset GV7
1. Identify and enumerate if the asset is covered by at least one software inventory tool (M3)
2. Identify and enumerate if the asset is not covered by at least one software inventory tool (M4)

Measures

M1 = Count of GV7
M2 = Count of assets unable to to support software
M3 = Count of assets covered by software inventory tools
M4 = Count of assets not covered by software inventory tools
M5 = Count of Input 2

Metrics

If M5 is 0 or unavailable, then this safeguard is measured at a 0 and receives a failing score. The other metrics don’t apply.

Inventory Tool Coverage

Read the Docs v: latest

Versions: latest; stable

Downloads

On Read the Docs: Project Home; Builds