ID.AM-02.122

Does your organization maintain a comprehensive inventory of all software and services, including commercial, open-source, custom, API, and cloud-based applications?

Explanation

A complete software and service inventory is fundamental to effective security management as it enables organizations to track what needs to be patched, monitored, and secured. Without knowing what software and services exist in your environment, it's impossible to properly secure them against vulnerabilities or ensure compliance with licensing requirements. Evidence of fulfillment could include a centralized software asset management (SAM) database or spreadsheet that lists all applications with details such as vendor, version, purpose, owner, deployment location (on-premises/cloud), licensing information, and security approval status.

Implementation Example

Maintain inventories for all types of software and services, including commercial-off-the-shelf, open-source, custom applications, API services, and cloud-based applications and services

ID: ID.AM-02.122

Context

Function: ID: IDENTIFY
Category: ID.AM: Asset Management
Sub-Category: Inventories of software, services, and systems managed by the organization are maintained

ResponseHub is the product I wish I had when I was a CTO

Previously I was co-founder and CTO of Progression, a VC backed HR-tech startup used by some of the biggest names in tech.

As our sales grew, security questionnaires quickly became one of my biggest pain-points. They were confusing, hard to delegate and arrived like London busses - 3 at a time!

I'm building ResponseHub so that other teams don't have to go through this. Leave the security questionnaires to us so you can get back to closing deals, shipping product and building your team.

Neil Cameron

Founder, ResponseHub