GRCWatch
Sign inStart free trial

CIS Control 2.3: Address Unauthorized Software

Unauthorized software creates security gaps and compliance violations across your enterprise assets. CIS Control 2.3 requires you to remove unauthorized applications or formally document exceptions—and audit this monthly. GRCWatch helps SMBs automate software inventory tracking and exception management without the enterprise price tag.

What this means

This control mandates that your organization actively identify and eliminate unauthorized software from all devices and systems. Any software not explicitly approved must either be uninstalled or documented as an approved exception with justification. Monthly (or more frequent) reviews ensure your software inventory stays current and compliant, reducing attack surface and licensing risks.

How to comply

  1. 1.Establish a whitelist of approved software across your organization
  2. 2.Deploy endpoint discovery tools to scan for unauthorized applications monthly
  3. 3.Remove detected unauthorized software from all enterprise assets
  4. 4.For necessary exceptions, document business justification and obtain formal approval
  5. 5.Schedule monthly audits to verify compliance and track removals
  6. 6.Maintain audit logs showing software inventory changes and exceptions approved
  7. 7.Communicate policy to end users and enforce through configuration management

Evidence auditors look for

  • Monthly software inventory scan reports with unauthorized applications identified
  • Documented exception requests with business justification and approval signatures
  • Removal confirmation logs showing unauthorized software uninstalled from devices
  • Change management records linking software removals to compliance reviews
  • Asset management database showing approved software baseline per device type
  • Policy document defining authorized software and exception process

Frequently asked questions

When will FAQs be available?

The FAQ for this control is currently being prepared.

GRCWatch automatically inventories installed software across your devices, flags unauthorized applications against your approved list, and tracks monthly compliance—eliminating manual scans and spreadsheet exceptions.

See how GRCWatch handles this control automatically

Start free trial

Related controls

CIS 2.1 — Hardware InventoryCIS 2.2 — Software InventoryCIS 3.3 — Address Unauthorized Software