The organisation must know what software is used on managed devices, including a Software “Bill-of-Materials” (BOM) of libraries and components.
Specification
Use of automated scripts and tooling to identify the installed software and maintain an up-to-date documentation.
ISO 27001 & 27002:2022
A5.9,
A8.9
SURF toetsingskader informatiebeveiliging (NBA-volwassenheidsmodel)
CO.02 Configuratie database en baseline