Back

Record the software version in the asset inventory.


CONTROL ID
12196
CONTROL TYPE
Establish/Maintain Documentation
CLASSIFICATION
Preventive

SUPPORTING AND SUPPORTED CONTROLS



This Control directly supports the implied Control(s):
  • Establish, implement, and maintain an asset inventory., CC ID: 06631

There are no implementation support Controls.


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH



  • Software registers contain versions and patch histories of applications, drivers, operating systems and firmware. (Control: ISM-1643; Revision: 0, Australian Government Information Security Manual, June 2023)
  • Software registers contain versions and patch histories of applications, drivers, operating systems and firmware. (Control: ISM-1643; Revision: 0, Australian Government Information Security Manual, September 2023)
  • The host device shall automatically report the software and file versions of protection from malicious code in use (as part of overall logging function). (14.4.3 (1) ¶ 1, IEC 62443-4-2: Security for industrial automation and control systems – Part 4-2: Technical security requirements for IACS components, Edition 1.0)
  • An essential step in protecting your mobile device is to record identifying attributes of the device and its use. These attributes include but are not limited to the following: - Serial number (hardware and electronic should match) - Model number - Operating system, firmware, and payment-acceptance … (¶ 5.6.1, PCI Mobile Payment Acceptance Security Guidelines for Merchants as End-Users, Version 1.1)
  • The software inventory system should track the name, version, publisher, and install date for all software, including operating systems authorized by the organization. (CIS Control 2: Sub-Control 2.4 Track Software Inventory Information, CIS Controls, 7.1)
  • The software inventory system should track the name, version, publisher, and install date for all software, including operating systems authorized by the organization. (CIS Control 2: Sub-Control 2.4 Track Software Inventory Information, CIS Controls, V7)
  • Establish and maintain a detailed inventory of all licensed software installed on enterprise assets. The software inventory must document the title, publisher, initial install/use date, and business purpose for each entry; where appropriate, include the Uniform Resource Locator (URL), app store(s), … (CIS Control 2: Safeguard 2.1 Establish and Maintain a Software Inventory, CIS Controls, V8)
  • The host device shall automatically report the software and file versions of protection from malicious code in use (as part of overall logging function). (14.4.3 (1) ¶ 1, Security for Industrial Automation and Control Systems, Part 4-2: Technical Security Requirements for IACS components)
  • Identifying the type and version of open source software in use, where it is used within the entity, and its purpose. (App A Objective 13:6g Bullet 2 Sub-Bullet 4, FFIEC Information Technology Examination Handbook - Architecture, Infrastructure, and Operations, June 2021)
  • Records of the system and software versions in place and regular monitoring of online and industry resources for information on product enhancements, security or other issues, patches, or upgrades. (App A Objective 15:3b Bullet 3, FFIEC Information Technology Examination Handbook - Architecture, Infrastructure, and Operations, June 2021)