16.4: Establish and Manage an Inventory of Third-Party Software Components

CSF v1.1 References:


Info icon.

Control is new to this version of the control set and incorporates the following item from the previous version: 18.3: Verify That Acquired Software is Still Supported.

Control Statement

Establish and manage an updated inventory of third-party components used in development, often referred to as a “bill of materials,” as well as components slated for future use. This inventory is to include any risks that each third-party component could pose. Evaluate the list at least monthly to identify any changes or updates to these components, and validate that the component is still supported.

[csf.tools Note: For more information on the Critical Security Controls, visit the Center for Internet Security.]