IT Baseline Protection Manual - The Information Warfare Site

Safeguard Catalogue - Organisation Remarks
____________________________________________________________________ .........................................
S 2.88 Licence management and version control of
standard software
Initiation responsibility: Agency/company management
Implementation responsibility: Head of IT Section, Head of organisation
Without suitable version control and licence control, experience shows that a
wide assortment of versions rapidly comes to be used on an IT system or
within an organisational unit, some of which may be used without a licence.
Only licensed software must be used on all IT systems within an institution.
This provision must be made known to all employees and the administrators
of the various IT systems must ensure that only licensed software is used. To
do this they must be equipped with suitable tools for licence control.
Frequently, within an institution, different versions of standard software are
used. Within the context of licence control it must also be possible to gain an
overview of all versions used. In this way it can be guaranteed that old
versions are replaced by newer ones as soon as this is necessary, and that
when licences are returned, all versions are deleted.
In addition to this, the various configurations of the installed software must be
documented. As a result, it must be possible to acquire an overview of which
IT system which settings, relevant to security on a standard software product,
were specified by the approval and which were actually installed. Thus, for
example, it can be rapidly clarified on which computers macro-programming
has been installed on product XYZ and on which it has not.
Additional controls:
- Which provisions are in force?
- Are different versions of a standard software product in use?
____________________________________________________________________ .........................................
IT-Baseline Protection Manual: Oktober 2000