CIS Controls v8

CIS 2 Inventory and Control of Software Assets

Starts in IG1 | Track authorized software and remove unauthorized applications.

Implementation Actions

Build software allowlist.
Monitor install/execution events.
Retire unsupported software.

Evidence Examples

Software inventory
Allowlist/denylist records
Removal change logs

Suggested Metrics

Authorized software coverage
Unauthorized software closure time

Navigation

Back to All 18 CIS Controls NIST CSF 2.0 Guidance FedRAMP Guidance Cybersecurity Glossary