Insights to Control Framework Mapping: Potentially Unwanted Application & Software Presence Ingrid Refer to the following Potentially Unwanted Application & Software Presence insights and assessments and how they're mapped to CIS v7 and CIS v8 controls for Control Insights: Multiple Potentially Unwanted Programs The detection of multiple Potentially Unwanted Programs (PUP) indicates ineffective control of workstation software installation Over 1 distinct event types from: [Potentially Unwanted Program (PUP)] were observed Assessment Negative Observations Potentially Exploited Desktop Software Mobile Software CIS v8 Controls CIS v7 Controls Controls 5 Account Management 10 Malware Defenses Safeguards 5.4 Restrict Administrator Privileges to Dedicated Administrator Accounts 5.5 Establish and Maintain an Inventory of Service Accounts 9.2 Use DNS Filtering Services 9.3 Maintain and Enforce Network-Based URL Filters 10.1 Deploy and Maintain Anti-Malware Software 10.2 Configure Automatic Anti-Malware Signature Updates 10.3 Disable Autorun and Autoplay for Removable Media 10.4 Configure Automatic Anti-Malware Scanning of Removable Media 10.5 Enable Anti-Exploitation Features 10.6 Centrally Manage Anti-Malware Software Controls 4 Controlled Use of Administrative Privileges 8 Malware Defenses Safeguards 4.1 Maintain Inventory of Administrative Accounts 4.3 Ensure the Use of Dedicated Administrative Accounts 4.5 Use Multi-Factor Authentication for All Administrative Access 4.6 Use Dedicated Workstations For All Administrative Tasks 4.8 Log and Alert on Changes to Administrative Group Membership 4.9 Log and Alert on Unsuccessful Administrative Account Login 8.1 Utilize Centrally Managed Anti-malware Software 8.2 Ensure Anti-Malware Software and Signatures Are Updated 8.3 Enable Operating System Anti-Exploitation Features/Deploy Anti-Exploit Technologies 8.4 Configure Anti-Malware Scanning of Removable Devices 8.5 Configure Devices to Not Auto-Run Content 8.6 Centralize Anti-Malware Logging 8.7 Enable DNS Query Logging 8.8 Enable Command-Line Audit Logging No Potentially Unwanted Software The lack of observations of potentially unwanted software indicates effective control of workstation software installation The ratio of events of type [Potentially Unwanted Program (PUP)] by type [Desktop Endpoint, Mobile Endpoint] is below 0.01% Assessment Positive Observations Potentially Exploited Desktop Software Mobile Software CIS v8 Controls CIS v7 Controls Controls 5 Account Management Safeguards 5.4 Restrict Administrator Privileges to Dedicated Administrator Accounts 5.5 Establish and Maintain an Inventory of Service Accounts Controls 4 Controlled Use of Administrative Privileges Safeguards 4.6 Use Dedicated Workstations For All Administrative Tasks 4.8 Log and Alert on Changes to Administrative Group Membership 4.9 Log and Alert on Unsuccessful Administrative Account Login Potentially Unwanted Program The presence of Potentially Unwanted Software (PUP), typically bundled with software downloaded from untrusted sources, indicates ineffective control of workstation software installation The ratio of events of type [Potentially Unwanted Program (PUP)] by type [Desktop Endpoint, Mobile Endpoint] is above 0.1% Assessment Negative Observations Potentially Exploited Desktop Software Mobile Software CIS v8 Controls CIS v7 Controls Controls 5 Account Management Safeguards 5.2 Use Unique Passwords 5.3 Disable Dormant Accounts 5.4 Restrict Administrator Privileges to Dedicated Administrator Accounts 5.5 Establish and Maintain an Inventory of Service Accounts Controls 4 Controlled Use of Administrative Privileges Safeguards 4.1 Maintain Inventory of Administrative Accounts 4.2 Change Default Passwords 4.3 Ensure the Use of Dedicated Administrative Accounts 4.4 Use Unique Passwords 4.5 Use Multi-Factor Authentication for All Administrative Access 4.6 Use Dedicated Workstations For All Administrative Tasks 4.7 Limit Access to Script Tools 4.8 Log and Alert on Changes to Administrative Group Membership 4.9 Log and Alert on Unsuccessful Administrative Account Login Software Unrelated to Office Productivity The presence of software unrelated to office productivity indicates ineffective control of software installation on endpoints The ratio of events of type [Media and Entertainment Software, Sideloaded Mobile App, File Sharing in Use, Potentially Unwanted Program (PUP)] by type [Desktop Endpoint, Mobile Endpoint] is above 1.0% Assessment Negative Observations Potentially Exploited Insecure Systems Desktop Software Mobile Software File Sharing CIS v8 Controls CIS v7 Controls Controls 2 Inventory and Control of Software Assets Safeguards 2.1 Establish and Maintain a Software Inventory 2.2 Ensure Authorized Software is Currently Supported 2.3 Address Unauthorized Software 2.5 Allowlist Authorized Software Controls 2 Inventory and Control of Software Assets Safeguards 2.1 Maintain Inventory of Authorized Software 2.2 Ensure Software is Supported by Vendor 2.3 Utilize Software Inventory Tools 2.4 Track Software Inventory Information 2.6 Address Unapproved Software 2.7 Utilize Application Whitelisting April 1, 2025: Published. Related articles Insights to Control Framework Mapping Potentially Exploited Findings Next.js Authorization Bypass Vulnerability [CVE-2025-29927] Issue Tracking Propagation in the Ratings Tree – April 7, 2025 Insights to Control Framework Mapping: Mobile Applications Feedback 0 comments Please sign in to leave a comment.