UEM-02: Application and Service Approval

CSF v1.1 References:

This control is new to this version of the control set and incorporates the following items from the previous version: MOS-02: Application Stores, MOS-03: Approved Applications, MOS-04: Approved Software for BYOD, MOS-06: Cloud Based Services.

Control Statement

Define, document, apply and evaluate a list of approved services, applications and sources of applications (stores) acceptable for use by endpoints when accessing or storing organization-managed data.

Implementation Guidance

For managed endpoints, universally enforce policies through one or more centralized configuration management tools. Use risk assessment to determine what (if any) information or systems may be accessed or stored using unmanaged endpoints.

Auditing Guidance

  1. Determine if a list of approved services, applications and sources of applications (stores) acceptable for use by endpoints when accessing or storing organization-managed data has been identified and documented.
  2. Determine if the identified and documented list of approved services, applications and sources of applications (stores) acceptable for use by endpoints when accessing or storing organization-managed data has been enforced.
  3. Examine how endpoints are monitored for unauthorized services and the process to remove or terminate use of non-sanctioned resources.

[csf.tools Note: For more information on the Cloud Controls Matrix, visit the CSA Cloud Controls Matrix Homepage.]

Cloud Control Matrix is Copyright 2023 Cloud Security Alliance.