Information
With the introduction of Mac OS X 10.6.6, Apple added a new application, App Store, which resides in the Applications directory. This application allows a user with admin privileges and an Apple ID to browse Apple's online App Store, purchase (including no cost purchases), and install new applications, bypassing Enterprise software inventory controls. Any admin user can install software in the /Applications directory whether from internet downloads, thumb drives, optical media, cloud storage or even binaries through email. Even standard users can run executables if permitted. The source of the software is not nearly as important as a consistent audit of all installed software for patch compliance and appropriateness.
A single user desktop where the user, administrator and the person approving software are all the same person probably does not need to audit software inventory to this extent. It is helpful in the case of stability problems or malware however.
Scan systems on a monthly basis and determine the number of unauthorized pieces of software that are installed. Verify that if an unauthorized piece of software is found one month, it is removed from the system the next.
Export Apple System Profiler information through the built-in or other third party tools on an organizationally defined timetable.
Additional Information:
https://www.sans.org/critical-security-controls/control.php?id=2
NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.