7.1: Ensure Use of Only Fully Supported Browsers and Email Clients
==================================================================
Ensure that only fully supported web browsers and email clients are allowed to execute in the organization, ideally only using the latest version of the browsers and email clients provided by the vendor.

.. list-table::
	:header-rows: 1

	* - Asset Type
	  - Security Function
	  - Implementation Groups
	* - Applications
	  - Protect
	  - 1, 2, 3

Dependencies
------------
* Sub-control 2.1: Maintain Inventory of Authorized Software

Inputs
------
#. From the authorized software list (ASL: sub-control 2.1), the inventory of web browser and email client software with a notation of "supported" or "unsupported" for each entry.
#. Access to an authoritative source of information indicating supported/unsupported details by product.

Operations
----------
#. For each entry in Input 1, perform a lookup in Input 2 to verify.
#. For each entry in Input 1 labeled "supported", perform a lookup in Input 2.  From these lookups, note the list of authorized software labeled "supported" but are actually not supported based on the authoritative source lookup.
#. For each entry in Input 1 labeled "unsupported", perform a lookup in Input 2.  From these lookups, note the list of authorized software labeled "unsupported" but are actually supported based on the authoritative source lookup.

Measures
--------
* M1 = List of unsupported items in Input 1 (combination of Operation 1 results and those initially marked as unsupported in input 1)
* M2 = Count of M1
* M3 = List of authorized web browser/email client software
* M4 = Count of M3
* M5 = List of items from Input 1 labeled as "supported" that are not actually supported
* M6 = Count of M5
* M7 = List of items from Input 1 labeled as "unsupported" but are actually supported
* M8 = Count of M7

Metrics
-------

Percentage of Unsupported Web Browser/Email Client Software in Use
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
.. list-table::

	* - **Metric**
	  - | The calculation of this metric is determined by the ratio of unsupported web
	    | browser/email client software to the total authorized web browser/email client software
	    | in use.
	* - **Calculation**
	  - :code:`(M4 - M2) / M4`

Rate of False Positives
^^^^^^^^^^^^^^^^^^^^^^^
.. list-table::

	* - **Metric**
	  - | The calculation of this metric is determined by the ratio of web browser/email client
	    | software labeled "supported" but found to be unsupported, to the total authorized web
	    | browser/email client software in use.
	* - **Calculation**
	  - :code:`(M4 - M6) / M4`

Rate of False Negatives
^^^^^^^^^^^^^^^^^^^^^^^
.. list-table::

	* - **Metric**
	  - | The calculation of this metric is determined by the ratio of web browser/email client
	    | software labeled "unsupported" but found to be supported, to the total authorized web
	    | browser/email client software in use.
	* - **Calculation**
	  - :code:`(M4 - M8) / M4`
.. history
.. authors
.. license