Data Classification, Secure Configuration Management
LOW, MOD, HIGH
P2
Yes
January 20, 2018
The Agency utilizes configuration management tools to monitor the installation of software across all Agency-owned information resources. Where possible, configuration management tools validate the count of installations against the count of licenses on record for a given software application.
Improper use of information or assets occurs inside an information processing facility.
The organization:
a. Uses software and associated documentation in accordance with contract agreements and copyright laws;
b. Tracks the use of software and associated documentation protected by quantity licenses to control copying and distribution; and
c. Controls and documents the use of peer-to-peer file sharing technology to ensure that this capability is not used for the unauthorized distribution, display, performance, or reproduction of copyrighted work.
The organization utilizes periodic monitoring sweeps to catch inappropriate peer-to-peer file sharing.
The state organization:
• uses software and associated documentation in accordance with contract agreements and copyright laws;
• tracks the use of software and associated documentation protected by quantity licenses to control copying and distribution; and
• controls and documents the use of peer-to-peer file sharing technology to ensure that this capability is not used for the unauthorized distribution, display, performance, or reproduction of copyrighted work.
Obtain procedures relating to use of software and peer-to-peer file sharing technology and ascertain if:
(i) the software is used in accordance with contract agreements and copyright laws;
(ii) the use of software is tracked and protected by quantity licenses to control copying and distribution; and
(iii) the use of peer to peer software is controlled and protected against unauthorized distribution, display, performance, or reproduction of copyrighted work.
