Government
CAG
CAG is a first step toward providing specific audit guidelines that CISOs, CIOs, IGs, and the US-CERT can adopt to ensure their agency systems have the baseline security controls in place that are most critical. It takes advantage of the knowledge gained in analyzing the myriad attacks that are being actively and successfully launched against federal systems and our nations industrial base systems and identifying the key controls that are most critical for stopping those attacks.
Having a whitelist of authorized software, and an inventory of authorized and unauthorized software, is important, according to the CAG. Software that is extraneous to business use often introduces security vulnerabilities and, once a machine is exploited, attackers can use it as a staging point for collecting sensitive information from other systems, warned the guidelines.
Bit9 helps federal agencies achieve these guidelines and protect information by providing a methodology for application whitelisting and preventing the installation or execution of unauthorized applications. These controls minimize the risk of malicious, illegal and unauthorized software that can create vulnerabilities and enable targeted attacks.
Bit9 provides:
- Application whitelisting to ensure only authorized software is allowed to run - blocking ALL unauthorized software
- Audit new software is installations or preventative blocks
- Software metering to identify to audit software execution
Read more about how Bit9 helps you meet CAG guidelines:
Running A Fully Controlled Windows Desktop Environment with Application Whitelisting
Learn how to control your desktops with Bit9 Parity
3.5 Million People Depend on Regional 911 -- 911 Depends on Bit9
