Control 2.6: Address Unapproved Software
Ensure that unauthorized software is either removed or the inventory is updated in a timely manner.
Category
Procedural
Purpose
This Sub-Control is the natural progression from Sub-Control 2.1. Once a software asset inventory has been created, each computer, phone, and/or tablet should be checked to ensure that the software installed on that system is authorized to be there. When unapproved software is identified, it should be uninstalled or otherwise removed. A regular cadence should be established to survey relevant systems for unauthorized software.
Unapproved software has not been reviewed by anyone in the organization with decision authority for IT. Additionally, it has not been reviewed by a security professional to determine whether it meets the organization's minimum baselines for security. Unapproved software is commonly out of date and can contain known vulnerabilities that can be exploited. Unapproved software may also be malware. All of these risks should be avoided.
Automation
This is an automatable Sub-Control, and multiple types of tools can be used to address this problem. Examples include typical IT asset management tools, which help track both hardware and software, along with the versions of software in use. Refer to Sub-Controls 1.4 and 2.1 for additional information regarding this category of software tools. Another category of software that can help is antivirus, which helps to identify malicious software when it is installed and when it is present on a system. Finally, whitelisting software lets an enterprise specify a list of applications that are allowed to run on enterprise systems.
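The check that such tools automate can be sketched as a reconciliation of per-host installed software against the approved inventory. This is an added example, not code from the CIS guidance: the hosts, products and versions are constructed, and recording a minimum approved version per inventory entry is an assumption.

```python
# Added example: reconcile installed software against the approved inventory.
# Hosts, publishers, products and versions are constructed sample data.

# Assumed inventory shape: (publisher, product) -> minimum approved version.
APPROVED = {
    ("mozilla", "firefox"): "115.0",
    ("7-zip", "7-zip"): "23.01",
}

# Constructed rows, shaped like an export from an asset management tool.
INSTALLED = [
    {"host": "ws-01", "publisher": "Mozilla", "product": "Firefox ", "version": "102.4"},
    {"host": "ws-01", "publisher": "7-Zip", "product": "7-Zip", "version": "23.01"},
    {"host": "ws-02", "publisher": "Example Games", "product": "Solitaire Deluxe", "version": "1.2"},
    {"host": "ws-02", "publisher": "mozilla", "product": " firefox", "version": "115.0"},
    {"host": "tab-07", "publisher": "Unknown", "product": "Free PDF Toolbar", "version": "3.0"},
]

def norm_key(row):
    """Case- and whitespace-insensitive (publisher, product) key."""
    return (row["publisher"].strip().lower(), row["product"].strip().lower())

def older(found, minimum):
    """True if dotted version `found` is below `minimum` (non-numeric parts count as 0)."""
    def parse(v):
        return [int(p) if p.isdigit() else 0 for p in v.strip().split(".")]
    a, b = parse(found), parse(minimum)
    width = max(len(a), len(b))
    return a + [0] * (width - len(a)) < b + [0] * (width - len(b))

def reconcile(installed, approved):
    """Return one finding per installed item that is unapproved or outdated."""
    findings = []
    for row in installed:
        key = norm_key(row)
        if key not in approved:
            status = "unapproved"   # remove it, or review it and update the inventory
        elif older(row["version"], approved[key]):
            status = "outdated"     # approved product, version below the inventory minimum
        else:
            continue
        findings.append({"host": row["host"], "product": key[1],
                         "version": row["version"], "status": status})
    return sorted(findings, key=lambda f: (f["host"], f["product"]))

if __name__ == "__main__":
    for f in reconcile(INSTALLED, APPROVED):
        print(f"{f['host']:8} {f['status']:11} {f['product']} {f['version']}")
```

Running the reconciliation on a schedule gives the regular survey cadence the Sub-Control calls for; each "unapproved" finding ends either in removal or in an inventory update.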
Guidance and Tools
Many operating systems ship with tools that help accomplish this Sub-Control, in whole or in part. Many of the applications that come pre-installed with operating systems, such as games, social media, and other types of software, are candidates for deletion. Additionally, commercial software can be purchased, or open source or free tools can be downloaded, to assist. 10AppsManager is an application that can help delete applications that come pre-installed within Windows 10 (https://www.thewindowsclub.com/10appsmanager-windows-10).
Step-by-step instructions for implementing this Sub-Control can be found in: Uninstalling Software