Inventory and Control of Software Assets

Introduction

Safeguard 2 - Inventory and Control of Software Assets

Maintain a list of applications used by your department. The application list should at least include the following details.
- What is the purpose of the application?
- What is the risk classification of the application (low, medium, or high)?
- Who is responsible for maintaining the application (name, email, and phone number)?
Send the IT Security Office a list of high risk applications and their URLs (if applicable).
Update the application list annually.

If software is discovered that is unsupported yet necessary for normal operation of the enterprise
- This software should be documented
- The software controls and risks should be documented
If software is discovered that is not supported and has not exception documented
- Designate this software as Unauthorized
Review and update your software list at least monthly, or more frequently

If unauthorized software is discovered

Windows offers a software inventory solution via the Configuration Manager. To access this tool, do the following.

Open the Configuration Manager console
Select Administration -> Client Settings Default Client Settings
Next, choose Software Inventory
Within the Device Settings list, you can configure the following
- Enable software inventory on clients
- Schedule software inventory and file collection schedule

VT Enterprise Endpoint Management tools such as BigFix and MDE have software inventory capabilities.

This step is under construction.

This step is under construction.

If you have questions that are not covered in these procedures, please contact the VT IT Security Office itso@vt.edu for a consultation.