Define and implement a process for the validation of the endpoint device's compatibility with operating systems and applications.
The company should have a documented application validation process to test for compatibility issues regarding mobile devices, operating systems, and applications. Misconfigured endpoints will not only impact operations but will also introduce attack vectors. Poor configuration settings could involve open ports, outdated exceptions, insecure protocols allowed, etc. Any configuration changes once in production should follow change management guidelines (why, what, how) and require appropriate approvals.
- Examine the process for endpoint compatibility validation.
- Determine if the process produces a published compatibility matrix.
[csf.tools Note: For more information on the Cloud Controls Matrix, visit the CSA Cloud Controls Matrix Homepage.]
Cloud Control Matrix is Copyright 2023 Cloud Security Alliance.