Federal Agencies Must Create a Software Asset Inventory Now – Here’s How Lansweeper Can Help

The White House just released a new wide-ranging cybersecurity executive order ordering all U.S. Federal Civilian Executive Branch (FCEB) agencies to create a complete and accurate inventory of all of their software assets - and they only have 90 days to do it. This follows a directive from President Biden to the National Institute of Standards and Technology (NIST) to publish guidance on how agencies can secure their software to protect government systems and information better.

Get Compliant - Fast.

Contact us today to see how Lansweeper can help you achieve the Operational Directive and get compliant – fast.

The Cybersecurity and Infrastructure Security Agency (CISA) also issued the Binding Operational Directive (BOD) 23-01, Improving Asset Visibility and Vulnerability Detection on Federal Networks, that directs federal civilian agencies to better account for what resides on their networks.

"Threat actors continue to target our nation's critical infrastructure and government networks to exploit weaknesses within the unknown, unprotected, or under-protected assets," said CISA Director Jen Easterly. "Knowing what's on your network is the first step for any organization to reduce risk. While this Directive applies to federal civilian agencies, we urge all organizations to adopt the guidance in this directive to gain a complete understanding of vulnerabilities that may exist on their networks. We all have a role to play in building a more cyber-resilient nation."  

Why the need for a software asset inventory? Because as the directive states, continuous and comprehensive asset visibility is essential for managing cybersecurity risk.

The order is intended to prevent incidents such as the 2020 SolarWinds breach when more than 18,000 customers installed software updates containing malware that spread undetected. The malware enabled hackers to access SolarWinds's customer information technology systems and spy on other companies and organizations. As a result of the order, the process of identifying assets and vulnerabilities, and providing that information to the Cybersecurity and Infrastructure Security Agency (CISA) regularly, will now become a baseline requirement for all FCEB agencies.

Get Compliant - Fast.

Contact us today to see how Lansweeper can help you achieve the Operational Directive and get compliant – fast.

A Growing Attack Surface Heightens Risk

Studies show that 93% of companies are vulnerable to external attackers breaching their network perimeters and gaining access to sensitive data. That's because the attack surface - all points of entry that can serve as attack vectors for unauthorized users - is expanding rapidly as trends such as digitization, the hybrid workplace, and BYOD gain momentum. New ways to effectively implement Cyber Asset Attack Surface Management (CAASM) are essential to managing the attack surface, which 43% of global organizations say is "spiraling out of control." 

But for many of these agencies, creating a software asset inventory is an administrative nightmare. Manually locating, identifying, logging, and reporting on tens or hundreds of thousands of hardware and software assets across the organization would take hours of intense work, cost a lot of money, and potentially impact operations as skilled IT resources are diverted from other business-critical tasks.

How Lansweeper Can Help

Lansweeper is helping organizations of all sizes and across all industries manage their IT and understand the asset attack surface, minimize risk and strengthen their overall cybersecurity posture. It's an ideal tool to support CAASM by providing full visibility across all technology assets - software, hardware, operational technology, IoT devices, and even cloud assets.

Lansweeper detects and recognizes every connected asset across the technology estate, including all software with version number, publisher, and install date. Because Lansweeper extracts data from the "bare metal" rather than ingesting it from other sources, the data is always up-to-date and trustworthy.

Lansweeper also ingests technology asset data from various business-critical systems, such as SCCM, Windows Active Directory, Office 365, Chrome OS, and more, providing a complete 360-degree picture of the technology estate.

It can identify machines that contain vulnerable and unpatched software, and unauthorized software installs so that remediation can begin immediately. Using Lansweeper's Risk Insights - which draws from information from the NIST Vulnerability Database to provide a complete overview of all known vulnerabilities - teams can track assets that could be at risk, understand the severity of the vulnerabilities, and prioritize remediation efforts.

Get Compliant - Fast

If you are an agency impacted by the new executive order, now is the time to implement a solution for CAASM, such as Lansweeper. Find out how you can use Lansweeper to create and maintain a complete and always-accurate inventory to simplify CAASM, satisfy compliance requirements, optimize your software assets, and access the data you need to manage your growing technology asset estate effectively.

Get Compliant - Fast.

Contact us today to see how Lansweeper can help you achieve the Operational Directive and get compliant – fast.

You may also like...

Try Lansweeper for Free

Learn why Lansweeper is used by thousands of enterprises worldwide.​