Establish, document and maintain baseline requirements for securing different applications.
At a minimum, baseline requirements should include:
- An alignment with established application security policies and industry standards.
- Risk assessment (business and technical risks) to evaluate application security alignment with the baseline, and regular auditing (scanning/monitoring) to ensure such alignment is achieved.
- Consideration of the unique requirements and characteristics of each application.
- Consideration and integration of lessons learned from issues/incidents back into the security policy.
- Incorporation of guidelines on how to meet and/or stay aligned with the established baseline.
- Periodic management review.
- Examine policy and procedures for adequacy and effectiveness.
- Determine if security baseline requirements of respective applications are clearly defined.
- Examine the process to determine the baseline for an application.
Cloud Controls Matrix is Copyright 2023 Cloud Security Alliance.