16.4: Establish and Manage an Inventory of Third-Party Software Components
CSF v1.1 References:
Control is new to this version of the control set and incorporates the following control from the previous version: 18.3: Verify That Acquired Software is Still Supported.
Control Statement
Establish and manage an updated inventory of third-party components used in development, often referred to as a “bill of materials,” as well as components slated for future use. This inventory is to include any risks that each third-party component could pose. Evaluate the list at least monthly to identify any changes or updates to these components, and validate that the component is still supported.
[csf.tools Note: For more information on the Critical Security Controls, visit the Center for Internet Security.]