SG-17—Software Usage Restrictions
>Control Description
Theme
Type
Policy/Standard
Information Security Management Standard>Implementation Guidance
1. Ensure there is a formal documented software license agreement/policy which defines the criteria for the installation of software. 2. Ensure software license agreement/policy is reviewed and updated on annual basis or when required. 3. Continuous monitoring of installed software to ensure the compliance posture as per the defined criteria.
>Testing Procedure
1. Identify and document the inventory of software license contracts corresponding to different software. 2. Inspect management approved procedures for license maintenance and usage are in place and maintained. 3. Ensure that monitoring is in place to check the compliance effectiveness with usage restrictions defined as part of software license maintenance as well as usage contracts. 4. Ensure monitoring records of period review/audits are maintained to ensure adherence to the requirements of the software license contracts and usage restrictions. 5. Licenses and contracts are reviewed as needed, and increased supply of licenses and contracts are obtained if needed to meet use/demand.
>Audit Artifacts
>Framework Mappings
Cross-framework mappings provided by Adobe CCF Open Source under Creative Commons License.
Ask AI
Configure your API key to use AI features.