AIS-02: Application Security Baseline Requirements

Control Statement

Establish, document and maintain baseline requirements for securing different applications.

Implementation Guidance

At a minimum, baseline requirements should include:

  1. An alignment with established application security policies and industry standards.
  2. A risk assessment (covering business and technical risks) that evaluates each application's alignment with the baseline, together with regular auditing (scanning and monitoring) to confirm that alignment is maintained.
  3. A consideration for unique requirements and characteristics of each application.
  4. Consideration and integration of lessons learned from issues/incidents back into the security policy.
  5. Incorporation of guidelines on how to meet and/or stay aligned with the established baseline.
  6. Periodic management review.

Auditing Guidance

  1. Examine policy and procedures for adequacy and effectiveness.
  2. Determine if security baseline requirements of respective applications are clearly defined.
  3. Examine the process to determine the baseline for an application.

Note: For more information on the Cloud Controls Matrix, visit the CSA Cloud Controls Matrix Homepage.

Cloud Controls Matrix is Copyright 2023 Cloud Security Alliance.