NIST: Automation Support for Security Control Assessments: Software Asset Management


December 10, 2018

NIST has published NIST Interagency Report (NISTIR) 8011 Volume 3, Automation Support for Security Control Assessments: Software Asset Management.

This volume features the software asset management (SWAM) information security capability. The focus of the SWAM capability is to manage risk created by unmanaged or unauthorized software on a network. Such software is a target that may be used by attackers as a platform from which to attack components on the network. A well-designed SWAM program helps to: prevent compromised software from being installed or staying deployed on the network; prevent attackers from gaining a foothold; prevent attacks from becoming persistent; and restore required and authorized software as needed.

NISTIR 8011 is planned to ultimately consist of 13 volumes. It represents a joint effort between NIST and the Department of Homeland Security to provide an operational approach for automating security control assessments in order to facilitate information security continuous monitoring (ISCM), ongoing assessment, and ongoing security authorizations in a way that is consistent with the Risk Management Framework overall, and with the guidance in NIST SPs 800-53 and 800-53A in particular.

