Application control is implemented on internet-facing servers.
Topic
Application control
Applicable to
all
History
Priority
Must
Apr 2020
Aplication control is implemented on all servers to restrict the execution of executables, software libraries, scripts and installers to an approved set.
Security controls 0843, 1490, 0955, 1471, 1392, 1544, 0846 and 0957 were modified to replace ‘application whitelisting’ with ‘application control’.
Mar 2020
An application whitelisting solution is implemented on all servers to restrict the execution of executables, software libraries, scripts and installers to an approved set.
Jul 2019
An application whitelisting solution is implemented on all servers to restrict the execution of executables, software libraries, scripts and installers to an approved set.
Security control 1490 was modified to expand its scope from specific types of servers to all servers within an organisation’s ICT environment.
Jun 2019
An application whitelisting solution is implemented on Active Directory servers, email servers and other servers handling user authentication to restrict the execution of executables, software libraries, scripts and installers to an approved set.
Nov 2018
An application whitelisting solution is implemented on Active Directory servers, email servers and other servers handling user authentication to restrict the execution of executables, software libraries, scripts and installers to an approved set.
Added to address a gap in guidance on the use of application whitelisting on important servers.