NCCoE Seeks Comments on Revised Software Asset Management White Paper

The NCCoE's Software Asset Management Building Block white paper has been revised with comments from the public. Version 2 of the white paper has been posted for an additional 30-day comment period, which runs through October 16, 2015.

Building blocks are cybersecurity solutions that are applicable across multiple industry sectors.

The Software Asset Management Building Block will help organizations inventory and assess the state of installed software across their IT systems. This building block proposes a standardized approach to software asset management so that an organization has an integrated view of software throughout its lifecycle. The building block will support:

  • Authorization and verification of software installation media – Verifies that the media is from a trusted software publisher and that the installation media has not been tampered with
  • Software execution whitelisting – Verifies that the software is authorized to run and has not been tampered with
  • Publication of installed software inventory – A device securely communicates what software is installed to an organization-wide database
  • Software inventory-based network access control – A device's level of access to a network is determined by what software is or is not present on the device and whether its patches are up to date

Comments should be submitted to conmon-nccoe@nist.gov.