Skip to main content
Security Performance Management
Continuous Monitoring
Vendor Risk Management
Trust Management Hub
Cyber Insurance
National Cybersecurity

Insights to Control Framework Mapping: Potentially Unwanted Application & Software Presence

Ingrid

Refer to the following Potentially Unwanted Application & Software Presence insights and assessments and how they're mapped to CIS v7 and CIS v8 controls for Control Insights:

Multiple Potentially Unwanted Programs

The detection of multiple Potentially Unwanted Programs (PUP) indicates ineffective control of workstation software installation

Over 1 distinct event types from: [Potentially Unwanted Program (PUP)] were observed

Assessment

insight-ineffective.png Negative

Observations

CIS v8 Controls CIS v7 Controls

Controls

  • 5 Account Management
  • 10 Malware Defenses

Safeguards

  • 5.4 Restrict Administrator Privileges to Dedicated Administrator Accounts
  • 5.5 Establish and Maintain an Inventory of Service Accounts
  • 9.2 Use DNS Filtering Services
  • 9.3 Maintain and Enforce Network-Based URL Filters
  • 10.1 Deploy and Maintain Anti-Malware Software
  • 10.2 Configure Automatic Anti-Malware Signature Updates
  • 10.3 Disable Autorun and Autoplay for Removable Media
  • 10.4 Configure Automatic Anti-Malware Scanning of Removable Media
  • 10.5 Enable Anti-Exploitation Features
  • 10.6 Centrally Manage Anti-Malware Software

Controls

  • 4 Controlled Use of Administrative Privileges
  • 8 Malware Defenses

Safeguards

  • 4.1 Maintain Inventory of Administrative Accounts
  • 4.3 Ensure the Use of Dedicated Administrative Accounts
  • 4.5 Use Multi-Factor Authentication for All Administrative Access
  • 4.6 Use Dedicated Workstations For All Administrative Tasks
  • 4.8 Log and Alert on Changes to Administrative Group Membership
  • 4.9 Log and Alert on Unsuccessful Administrative Account Login
  • 8.1 Utilize Centrally Managed Anti-malware Software
  • 8.2 Ensure Anti-Malware Software and Signatures Are Updated
  • 8.3 Enable Operating System Anti-Exploitation Features/Deploy Anti-Exploit Technologies
  • 8.4 Configure Anti-Malware Scanning of Removable Devices
  • 8.5 Configure Devices to Not Auto-Run Content
  • 8.6 Centralize Anti-Malware Logging
  • 8.7 Enable DNS Query Logging
  • 8.8 Enable Command-Line Audit Logging

No Potentially Unwanted Software

The lack of observations of potentially unwanted software indicates effective control of workstation software installation

The ratio of events of type [Potentially Unwanted Program (PUP)] by type [Desktop Endpoint, Mobile Endpoint] is below 0.01%

Assessment

insight-effective.png Positive

Observations

CIS v8 Controls CIS v7 Controls

Controls

5 Account Management

Safeguards

  • 5.4 Restrict Administrator Privileges to Dedicated Administrator Accounts
  • 5.5 Establish and Maintain an Inventory of Service Accounts

Controls

4 Controlled Use of Administrative Privileges

Safeguards

  • 4.6 Use Dedicated Workstations For All Administrative Tasks
  • 4.8 Log and Alert on Changes to Administrative Group Membership
  • 4.9 Log and Alert on Unsuccessful Administrative Account Login

Potentially Unwanted Program

The presence of Potentially Unwanted Software (PUP), typically bundled with software downloaded from untrusted sources, indicates ineffective control of workstation software installation

The ratio of events of type [Potentially Unwanted Program (PUP)] by type [Desktop Endpoint, Mobile Endpoint] is above 0.1%

Assessment

insight-ineffective.png Negative

Observations

CIS v8 Controls CIS v7 Controls

Controls

5 Account Management

Safeguards

  • 5.2 Use Unique Passwords
  • 5.3 Disable Dormant Accounts
  • 5.4 Restrict Administrator Privileges to Dedicated Administrator Accounts
  • 5.5 Establish and Maintain an Inventory of Service Accounts

Controls

4 Controlled Use of Administrative Privileges

Safeguards

  • 4.1 Maintain Inventory of Administrative Accounts
  • 4.2 Change Default Passwords
  • 4.3 Ensure the Use of Dedicated Administrative Accounts
  • 4.4 Use Unique Passwords
  • 4.5 Use Multi-Factor Authentication for All Administrative Access
  • 4.6 Use Dedicated Workstations For All Administrative Tasks
  • 4.7 Limit Access to Script Tools
  • 4.8 Log and Alert on Changes to Administrative Group Membership
  • 4.9 Log and Alert on Unsuccessful Administrative Account Login

Software Unrelated to Office Productivity

The presence of software unrelated to office productivity indicates ineffective control of software installation on endpoints

The ratio of events of type [Media and Entertainment Software, Sideloaded Mobile App, File Sharing in Use, Potentially Unwanted Program (PUP)] by type [Desktop Endpoint, Mobile Endpoint] is above 1.0%

Assessment

insight-ineffective.png Negative

Observations

CIS v8 Controls CIS v7 Controls

Controls

2 Inventory and Control of Software Assets

Safeguards

  • 2.1 Establish and Maintain a Software Inventory
  • 2.2 Ensure Authorized Software is Currently Supported
  • 2.3 Address Unauthorized Software
  • 2.5 Allowlist Authorized Software

Controls

2 Inventory and Control of Software Assets

Safeguards

  • 2.1 Maintain Inventory of Authorized Software
  • 2.2 Ensure Software is Supported by Vendor
  • 2.3 Utilize Software Inventory Tools
  • 2.4 Track Software Inventory Information
  • 2.6 Address Unapproved Software
  • 2.7 Utilize Application Whitelisting
  • April 1, 2025: Published.

Related articles

Feedback

0 comments

Please sign in to leave a comment.