Software registers for workstations, servers, network devices and networked IT equipment are developed, implemented, maintained and verified on a regular basis.
Topic
Software register
Applicable to
Non Classified, Official, Protected, Secret, Top Secret
History
Priority
Should
Dec 2024
Software registers for workstations, servers, network devices and networked IT equipment are developed, implemented, maintained and verified on a regular basis.
The existing control recommending that software registers for workstations, servers, network devices and other IT equipment are developed, implemented, maintained and verified on a regular basis was amended to re-scope ‘other IT equipment’ to ‘networked IT equipment’.
Jun 2024
Software registers for workstations, servers, network devices and other IT equipment are developed, implemented, maintained and verified on a regular basis.
References to ICT equipment were amended to IT equipment.
Dec 2022
Software registers for workstations, servers, network devices and other ICT equipment are developed, implemented, maintained and verified on a regular basis.
Existing controls relating to the maintenance of registers were amended to ensure registers are developed and implemented in the first instance.
Mar 2022
Software registers are maintained for workstations, servers, network devices and other ICT equipment and verified on a regular basis.
Due to the confusing use of audit terminology, references to ‘audited’ have been changed to ‘verified’. For example, an ICT equipment register is verified (rather than audited) on a regular basis. This will allow security personnel, or other suitable parties, to conduct such activities rather than having to rely on the use of an organisation’s internal auditors.
Jun 2021
Software registers are maintained and regularly audited for workstations, servers, mobile devices, network devices and all other ICT equipment.
Security control 1493 was amended to split out the contents of the software register into a separate security control as per similar security controlpairs for othertypes ofregisters.
Apr 2021
A software register, including versions and patch histories of applications, drivers, operating systems and firmware for workstations, servers, mobile devices, network devices and all other ICT equipment, is maintained and regularly audited.
Aug 2019
A software register, including versions and patch histories of applications, drivers, operating systems and firmware for workstations, servers, mobile devices, network devices and all other ICT equipment, is maintained and regularly audited.
Security control 1493 was modified to replace ‘an inventory’ with ‘a register’ to ensure consistency with similar security controls.
Jul 2019
To maintain visibility of applications, drivers, operating systems and firmware that potentially require patching or updating, an inventory (including details of versions and patching histories) is maintained for workstations, servers, mobile devices, network devices and all other ICT equipment.
Nov 2018
To maintain visibility of applications, drivers, operating systems and firmware that potentially require patching or updating, an inventory (including details of versions and patching histories) is maintained for workstations, servers, mobile devices, network devices and all other ICT equipment.
Added to address a gap in guidance on the maintenance of an inventory of software and hardware that may require patching of security vulnerabilities.