FFIEC Guidelines for Software Inventory
A regional bank needed to comply with the U.S. Federal Financial Institutions Examination Council (FFIEC) Architecture, Infrastructure, and Operations (AIOP) Guideline III.B.1(b) – Software Inventory which requires management to maintain an accurate software inventory. This software inventory contains 17 attributes including Vendor Name and End-of-Life.
Cleansing Vendor Data with Tavro App Analyzer Agent
The regional bank found that the app data in ServiceNow CMDB was of poor data quality. The vendor names for individual apps were either missing or inaccurate. In many cases, the vendor name was outdated as companies went through mergers and acquisitions.As shown in the figure above, the Tavro App Analyzer Agent conducted independent research and updated 281 vendor names (47%) for 598 apps in ServiceNow CMDB.
Tavro End-of-Life (EOL) Agent
The Vendor_Latest_Version field was blank for 52% of the app records. The Tavro EOL agent appended updated EOL information for 100% of the blank fields. In addition, Tavro discovered three records where the Vendor_Latest_Version was more than five years old. These records highlighted a potential software vulnerability and were earmarked for human review.
The Tavro AI Agents reduced the data cleansing effort from several weeks to days for just two attributes in the software inventory in ServiceNow CMDB.
Menu
