CIS Critical Security Controls v8 (The 18 CIS CSC)
Framework
2.6
List of requirements
2.6 Allowlist Authorized Libraries
Use technical controls to ensure that only authorized software libraries, such as specific .dll, .ocx, .so, etc., files are allowed to load into a system process. Block unauthorized libraries from loading into a system process. Reassess bi-annually, or more frequently. Required for Implementation Groups 2 and 3.
Similar requirements
NIST Cybersecurity Framework (RU):
DE.CM-7
DE.CM-7: Monitoring for unauthorized personnel, connections, devices, and software is performed
PR.DS-6
PR.DS-6: Integrity checking mechanisms are used to verify software, firmware, and information integrity.
CIS Critical Security Controls v7.1 (SANS Top 20):
CSC 2.8
CSC 2.8 Implement Application Whitelisting of Libraries
The organization's application whitelisting software must ensure that only authorized software libraries (such as *.dll, *.ocx, *.so, etc.) are allowed to load into a system process.
Strategies to Mitigate Cyber Security Incidents (EN):
1.1.
Application control to prevent execution of unapproved/malicious programs including .exe, DLL, scripts (e.g. Windows Script Host, PowerShell and HTA) and installers.
Relative Security Effectiveness: Essential | Potential User Resistance: Medium | Upfront Cost: High | Ongoing Maintenance Cost: Medium
SWIFT Customer Security Controls Framework v2022:
6 - 6.2 Software Integrity
6.2 Software Integrity
Related protective measures
Nothing found