
3.4 CONFIGURATION MANAGEMENT


3.4.9 Control and monitor user-installed software

By wnoble2005@gmail.com (William Noble) 📅 2024-03-01
NIST 800-171 control 3.4.9 helps organizations oversee software users install. This reduces security risks from unapproved programs and improves system stability. By defining a software approval process, using detection methods to find unauthorized software, and regularly monitoring systems, organizations can hold system owners accountable for managing software effectively.
Users can install software in organizational systems if provided the necessary privileges. To maintain control over the software installed, organizations identify permitted and prohibited actions regarding software installation through policies. Permitted software installations include updates and security patches to existing software and applications from organization-approved “app stores.” Prohibited software installations may include software with unknown or suspect pedigrees or software that organizations consider potentially malicious. The policies organizations select governing user-installed software may be organization-developed or provided by some external entity. Policy enforcement methods include procedural methods, automated methods, or both.

Benefits:

Reduced Risk: By controlling what software users can install, organizations limit the chance of malware, vulnerabilities, and compatibility issues.

Improved Security Posture: Unauthorized software can be a security hole. Monitoring installations helps identify and address potential risks.

Enhanced Compliance: Meeting industry regulations often requires control over software installations.

Accountability:

Senior Management:
Sets the Tone: Defines the organization's security posture regarding user-installed software.
Allocates Resources: Provides budget and personnel for IT security and user education.
Approves Policies: Ensures policies on permitted and prohibited software are clear and enforceable.

IT Security Team:
Develops Policies: Creates and implements policies on software installation procedures, approval processes, and acceptable use.
Monitors Systems: Uses tools to detect unauthorized software and potential vulnerabilities.
Provides Guidance: Educates users on secure software practices and assists with approved software installation.

System Owners:
Maintains Inventory: Tracks authorized software installed on their systems.
Identifies Risks: Evaluates risks associated with specific software requests from users.
Reports Issues: Communicates unauthorized software installations and suspicious activity to the IT security team.

Individual Users:
Adheres to Policies: Installs only approved software obtained from authorized sources.
Requests Permission: Seeks approval for any software deemed necessary outside the approved list.
Reports Suspicious Activity: Alerts IT security about any unauthorized software installations or unusual system behavior.

Implementation:

Policy Development: Create a policy outlining permitted and prohibited software. This can include approved "app stores" for updates and applications.

Access Controls: Implement access controls (like User Account Control) to limit user privileges for software installation.

Monitoring: Use tools to monitor software installations and identify unauthorized programs. This can include system logs, vulnerability scanners, and IT asset management (ITAM) tools.

Approval Process: Establish a process for users to request permission to install specific software. This allows evaluation for security and functionality.
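The monitoring and approval steps above come down to comparing what is actually installed against the policy's permitted and prohibited lists. The following is an added example (not from the original page or from NIST) that does exactly that for a constructed inventory; the policy format, product names and versions are assumptions for illustration.

```python
"""Audit a host's installed-software inventory against a user-installed
software policy (the 3.4.9 monitoring step), as an added example.

Assumed policy model (not from the page):
  approved:   product name -> minimum approved version; newer versions count
              as permitted updates/patches to existing software
  prohibited: products the organization considers potentially malicious
Anything else is "unknown" and must go through the approval process.
"""
from typing import Dict, List, Tuple

def parse_version(version: str) -> Tuple[int, ...]:
    # "1.2.10" -> (1, 2, 10); non-numeric components compare as 0
    return tuple(int(p) if p.isdigit() else 0 for p in version.split("."))

def classify(product: str, version: str, policy: Dict) -> str:
    name = product.lower()
    if name in policy["prohibited"]:
        return "prohibited"          # remove and report to IT security
    if name in policy["approved"]:
        if parse_version(version) >= parse_version(policy["approved"][name]):
            return "approved"        # baseline or a permitted update/patch
        return "outdated"            # approved product, below the baseline
    return "unknown"                 # not on the list: needs an approval request

def audit(inventory: List[Tuple[str, str]], policy: Dict) -> Dict[str, List[str]]:
    report = {"approved": [], "outdated": [], "prohibited": [], "unknown": []}
    for product, version in inventory:
        report[classify(product, version, policy)].append(f"{product} {version}")
    return report

# Constructed sample policy and inventory (hypothetical products/versions).
POLICY = {
    "approved": {"firefox": "115.0", "7-zip": "23.01"},
    "prohibited": {"shadytoolbar"},
}
INVENTORY = [
    ("Firefox", "124.0"),       # newer than baseline: permitted update
    ("7-Zip", "22.01"),         # approved product but below baseline
    ("Notepad++", "8.6"),       # not in policy: requires approval
    ("ShadyToolbar", "1.0"),    # explicitly prohibited
]

if __name__ == "__main__":
    for status, items in audit(INVENTORY, POLICY).items():
        print(f"{status:>10}: {', '.join(items) or '-'}")
```

Feed the same function the output of your ITAM tool or package manager and the "unknown" and "prohibited" buckets become the list the system owner reports to IT security.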
