apiperCIS
commented
5 years ago Inputs 1) List of web browsers and email clients installed in the organization by endpoint (subset of Integrated Hardware/Software Inventory from Sub-Control 2.5) 2) Approved configuration(s) covering each web browser and email client in Input 1 to restrict the scripting languages that can run to only the authorized scripting languages
Operations 1) For each application instance (web browser or email client) in Input 1, check the application's configuration against the appropriate approved configuration(s) from Input 2. Create a list of the application instances that meet the approved configuration (M1) and a list of the application instances that that do not meet the approved configuration (M2) noting each deviation.
Measures M1: List of application instances (web browser or email client) that meet the approved configuration (compliant list) M2: List of application instances (web browser or email client) that do not meet the approved configuration (non-compliant list) M3: Count of compliant application instances (count of M1) M4: Count of non-compliant application instances (count of M2) M5: Total count of installed web browser and email client instances (count of Input 1)
Metrics Ratio of compliant web browser and email client instances: M3 / M5
Ensure that only authorized scripting languages are able to run in all web browsers and email clients.
Measures
Metrics