These are tools that the information security program implements to perform automated assessment of organizational standards related to:
- Vulnerability and patch compliance: Validating information system patch levels and vulnerability status across the enterprise, including:
  - Server and workstation operating systems (Windows, Linux, and so on)
  - Network devices (routers, switches, and so on)
  - Server software applications (database, email, DNS, and so on)
  - Desktop applications (Microsoft Word, Adobe Acrobat, and so on)
- Network and configuration management: Ensuring compliance with organizational change management policies as well as information security baselines:
  - Manages the thousands of configuration items related to the information system and allows for common secure configurations
  - Performs the discovery and inventory of information system assets
  - Discovers and restricts unauthorized software and hardware
- Software assurance: The development and implementation of software that is free from exploitable vulnerabilities and works as intended:
  - Static code analysis
  - Web application vulnerability scanners
  - Database vulnerability scanners
- License and asset management: Tools that help the organization inventory the locations of hardware and software on the enterprise network or on an individual information system:
  - These tools offer management of software deployment and provisioning, asset discovery and information collection, and software and hardware usage.
  - These functions may be integrated into other tools implemented by the organization. For example, your network or configuration management tools may include asset management.