2.3: Address Unauthorized Software
CSF v1.1 References:
Threats Addressed:
Previous Version:
- Critical Security Controls Version 7.1:
- 2.6: Address unapproved software
Incorporates the following control from the previous version: 13.4: Only Allow Access to Authorized Cloud Storage or Email Providers.
Control Statement
Ensure that unauthorized software is either removed from use on enterprise assets or receives a documented exception. Review monthly, or more frequently.
[csf.tools Note: For more information on the Critical Security Controls, visit the Center for Internet Security.]