PR.PS-02.245

Has your organization implemented a process to identify and remove unnecessary software components and utilities from systems?

Explanation

Unnecessary software components and utilities increase the attack surface of systems, providing potential entry points or tools that attackers can exploit. Examples include unused operating system utilities, sample applications, development tools left on production systems, or legacy components no longer required. Evidence could include a documented software inventory management process, results from recent system hardening activities, or reports from automated tools that identify and flag unnecessary software components across your environment.

Implementation Example

Uninstall and remove any unnecessary software components (e.g., operating system utilities) that attackers might misuse

ID: PR.PS-02.245

Context

Function
PR: PROTECT
Category
PR.PS: Platform Security
Sub-Category
Software is maintained, replaced, and removed commensurate with risk

ResponseHub is the product I wish I had when I was a CTO

Previously I was co-founder and CTO of Progression, a VC backed HR-tech startup used by some of the biggest names in tech.

As our sales grew, security questionnaires quickly became one of my biggest pain-points. They were confusing, hard to delegate and arrived like London busses - 3 at a time!

I'm building ResponseHub so that other teams don't have to go through this. Leave the security questionnaires to us so you can get back to closing deals, shipping product and building your team.

Signature
Neil Cameron
Founder, ResponseHub
Neil Cameron