Does your organization have a process to identify, uninstall, and remove unauthorized software and services that pose security risks?
Explanation
Unauthorized software and services can introduce significant security vulnerabilities into your environment, including malware, backdoors, or applications with known security flaws. Because such software sits outside the approved inventory, it typically also falls outside patch management and monitoring, so its flaws persist unnoticed. A formal process to identify and remove it helps maintain a secure and controlled IT environment by reducing the attack surface available to potential threats.
Evidence could include a documented software approval process, regular software inventory reports showing authorized vs. unauthorized software, screenshots of software management tools (such as Microsoft SCCM), and logs or records of unauthorized software removal actions that can be traced back to the inventory finding that triggered them.
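The identification step described above is, in practice, a comparison of an inventory export against an approved-software list. The following Python script is an added illustration, not code from the page or from any product it names: it parses a constructed CSV inventory (the hosts, packages, services and publisher strings are made up for the example), flags every item with no matching allowlist entry, and builds the kind of removal log record that serves as evidence. The CSV column layout, the allowlist shape with a hostname glob, and the placeholder ticket number are assumptions of this example.

```python
"""Identify unauthorized software and services from an inventory export.

Added illustration: the inventory rows, allowlist entries and host names are
constructed for this example and are not taken from any real environment.
"""
import csv
import fnmatch
import io
import json
from datetime import datetime, timezone

# Constructed sample export in the shape an endpoint-management tool might
# produce: one row per installed package or running service per host.
INVENTORY_CSV = """host,kind,name,version,publisher
ws-0412,software,7-Zip,23.01,Igor Pavlov
ws-0412,software,AnyDesk,8.0.9,AnyDesk Software GmbH
ws-0412,service,TeamViewer,15.48.5,TeamViewer Germany GmbH
ws-0412,software,Google Chrome,124.0.6367.118,Google LLC
srv-db-07,service,OpenSSH Server,9.5,OpenBSD
srv-db-07,software,Python,3.11.9,Python Software Foundation
"""

# Approved software/services (assumed format). "hosts" is a glob over the
# hostname so an item can be approved for servers but not for workstations.
ALLOWLIST = [
    {"kind": "software", "name": "7-Zip", "hosts": "*"},
    {"kind": "software", "name": "Google Chrome", "hosts": "ws-*"},
    {"kind": "software", "name": "Python", "hosts": "srv-*"},
    {"kind": "service", "name": "OpenSSH Server", "hosts": "srv-*"},
]


def parse_inventory(text):
    """Parse the CSV export into a list of row dicts."""
    return list(csv.DictReader(io.StringIO(text)))


def is_approved(row, allowlist):
    """True if some allowlist entry covers this row's kind, name and host."""
    for entry in allowlist:
        if (entry["kind"] == row["kind"]
                and entry["name"].casefold() == row["name"].casefold()
                and fnmatch.fnmatch(row["host"], entry["hosts"])):
            return True
    return False


def find_unauthorized(inventory, allowlist):
    """Return rows with no matching allowlist entry, sorted for a stable report."""
    flagged = [r for r in inventory if not is_approved(r, allowlist)]
    return sorted(flagged, key=lambda r: (r["host"], r["kind"], r["name"]))


def unauthorized_by_host(flagged):
    """Count flagged items per host, useful for the summary line of a report."""
    counts = {}
    for r in flagged:
        counts[r["host"]] = counts.get(r["host"], 0) + 1
    return counts


def removal_record(row, actor, ticket):
    """Build the log entry kept as evidence that an item was removed."""
    return {
        "timestamp": datetime.now(timezone.utc).isoformat(),
        "action": "remove",
        "host": row["host"],
        "kind": row["kind"],
        "name": row["name"],
        "version": row["version"],
        "actor": actor,
        "ticket": ticket,  # change/ticket reference; placeholder in this example
    }


if __name__ == "__main__":
    flagged = find_unauthorized(parse_inventory(INVENTORY_CSV), ALLOWLIST)
    for r in flagged:
        print(f"UNAUTHORIZED {r['host']}: {r['kind']} {r['name']} "
              f"{r['version']} ({r['publisher']})")
    print("per host:", unauthorized_by_host(flagged))
    # The removal itself is carried out by the management tool; each completed
    # action gets a record like this appended to the removal log.
    print(json.dumps(removal_record(flagged[0], "ops-oncall", "CHG-0000"), indent=2))
```

Two design points matter for the control. First, approval is scoped by host class, so an SSH service that is legitimate on a database server is still flagged on a workstation; a flat name-only allowlist would miss that. Second, the removal record carries the actor, the ticket and a UTC timestamp, which is what an assessor will ask for when matching a removal action back to the inventory finding.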
Implementation Example
Uninstall and remove unauthorized software and services that pose undue risks
ID: PR.PS-02.244
Context
- Function: PR: PROTECT
- Category: PR.PS: Platform Security
- Sub-Category: Software is maintained, replaced, and removed commensurate with risk
Related questions
- Has your organization established and maintained hardened baseline configurations for all systems that enforce security policies and provide only essential capabilities?
- Does your organization have a documented process for reviewing default configuration settings for security implications when installing or upgrading software?
- Does your organization have a process to monitor software for deviations from approved baselines?
- Does your organization implement and adhere to defined timeframes for routine and emergency patching as specified in your vulnerability management plan?
- Does your organization follow an immutable infrastructure approach for container deployments by replacing rather than updating existing container instances when updates are required?
- Does your organization have a process to identify and replace end-of-life software and services with supported versions?

