CTPAT Breakdown: 4.11

Item 4.11

Cybersecurity policies and procedures should include
measures to prevent the use of counterfeit or improperly
licensed technological products.

Implementation Guidelines

Computer software is intellectual property (IP) owned by the entity that
created it. Without the express permission of the manufacturer or
publisher, it is illegal to install software, no matter how it is acquired.
That permission almost always takes the form of a license from the
publisher, which accompanies authorized copies of software. Unlicensed
software is more likely to fail as a result of an inability to update. It is
more prone to contain malware, rendering computers and their
information useless. Expect no warranties or support for unlicensed
software, leaving your company on its own to deal with failures. There
are legal consequences for unlicensed software as well, including stiff
civil penalties and criminal prosecution. Software pirates increase costs
to users of legitimate, authorized software and decrease the capital
available to invest in research and development of new software.
Members may want to have a policy that requires product key labels and
certificates of authenticity to be kept when new media is purchased. CDs,
DVDs, and USB media include holographic security features to help
ensure you receive authentic products and to protect against
counterfeiting.

Yet another management item that creates more work for IT staff.

Implementation

You need a policy and procedures for handling technological products.

This means you need a list of authorized software, license controls, and “secure” storage of installation files. License keys need an auditable usage list.

Vulnerability and/or inventory scans should include the installed software on each device.
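One way to tie the authorized software list, the license key usage list, and the inventory scan together is to reconcile them in a script. This is an added example, not part of the original post; the product names, key IDs, hosts, and the row layout of the scan export are all constructed assumptions.

```python
from collections import defaultdict

# Constructed sample data; product names, key IDs and hosts are made up.
# Authorized software list: product -> {license key ID -> seats purchased}.
AUTHORIZED = {
    "ExampleOffice": {"OFF-KEY-A": 2},
    "ExampleCAD": {"CAD-KEY-A": 1},
    "ExampleZip": {},  # authorized, no license key to track
}

# Rows as an inventory scan might export them (assumed layout).
INVENTORY = [
    {"host": "ws-01", "product": "ExampleOffice", "key_id": "OFF-KEY-A"},
    {"host": "ws-02", "product": "ExampleOffice", "key_id": "OFF-KEY-A"},
    {"host": "ws-03", "product": "ExampleOffice", "key_id": "OFF-KEY-A"},
    {"host": "ws-01", "product": "ExampleCAD", "key_id": "CAD-KEY-Z"},
    {"host": "ws-02", "product": "ExampleZip", "key_id": None},
    {"host": "ws-03", "product": "UnlistedEditor", "key_id": None},
]


def audit(authorized, inventory):
    """Return (license key usage list, findings that need follow-up)."""
    usage = defaultdict(set)   # key ID -> hosts where it is installed
    findings = []              # (finding type, host, product, detail)
    for row in inventory:
        host, product, key = row["host"], row["product"], row["key_id"]
        if product not in authorized:
            findings.append(("unauthorized", host, product, None))
            continue
        keys = authorized[product]
        if keys and key not in keys:
            # Licensed product installed with a key that is not in our records.
            findings.append(("unknown_key", host, product, key))
        elif keys:
            usage[key].add(host)
    for product, keys in authorized.items():
        for key, seats in keys.items():
            if len(usage[key]) > seats:  # also lists unused keys with no hosts
                findings.append(("over_allocated", None, product,
                                 f"{key}: {len(usage[key])} installs, {seats} seats"))
    return {k: sorted(v) for k, v in usage.items()}, findings


if __name__ == "__main__":
    key_usage, findings = audit(AUTHORIZED, INVENTORY)
    print("License key usage:", key_usage)
    for finding in findings:
        print("FINDING", finding)
```

The returned usage mapping is the auditable record of which hosts hold which key; the findings list is what goes to IT for remediation.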
