UEM-03: Compatibility

Info icon.

Control is new to this version of the control set and incorporates the following control from the previous version: MOS-07: Compatibility.

Control Statement

Define and implement a process for the validation of the endpoint device's compatibility with operating systems and applications.

Implementation Guidance

The company should have a documented application validation process to test for compatibility issues regarding mobile devices, operating systems, and applications. Misconfigured endpoints will not only impact operations but will also introduce attack vectors. Poor configuration settings could involve open ports, outdated exceptions, insecure protocols allowed, etc. Any configuration changes once in production should follow change management guidelines (why, what, how) and require appropriate approvals.

Auditing Guidance

  1. Examine the process for endpoint compatibility validation.
  2. Determine if the process produces a published compatibility matrix.

[csf.tools Note: For more information on the Cloud Controls Matrix, visit the CSA Cloud Controls Matrix Homepage.]

Cloud Control Matrix is Copyright 2023 Cloud Security Alliance.