2.10: Physically or Logically Segregate High Risk Applications

Physically or logically segregated systems should be used to isolate and run software that is required for business operations but incurs higher risk for the organization.

Asset Type: Applications

Security Function: Protect

Implementation Groups: 3

Dependencies

  • Sub-control 2.1: Maintain Inventory of Authorized Software

Inputs

  1. List of approved high-risk applications (subset of Approved Software List). For each, include the mechanisms used to provide separation.

  2. Approved configuration(s) for each separation mechanism listed in Input 1

Operations

  1. For each application in Input 1, compare the configurations of the associated separation mechanisms to the appropriate approved configuration(s) from Input 2.
    1. Create a list of applications that are adequately separated, noting which configuration(s) were checked (M1)

    2. Create a list of applications that are not adequately separated, noting which configuration(s) were checked and any deviations (M2)

Measures

  • M1 = List of high-risk applications that are properly segregated (compliant list)

  • M2 = List of high-risk applications that are not properly segregated (non-compliant list)

  • M3 = Count of high-risk applications that are properly segregated (count of M1)

  • M4 = The total number of approved high-risk applications (count of Input 1)

Metrics

Metric

The ratio of properly separated high-risk applications to the total number of high-risk applications

Calculation

M3 / M4
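The Operations and Metrics sections above describe one procedure: compare each high-risk application's separation mechanisms against the approved configurations, split the applications into M1 and M2, and compute M3 / M4. The following Python script is an added example written for this page, not part of the CIS measure text or any CIS tooling. The application names, mechanism names (vlan, vm, container) and configuration keys are constructed sample data; real inputs would come from the organization's Approved Software List and its own configuration baselines. The example makes one conservative choice the page does not spell out: an application whose separation mechanism has no approved configuration on file, or that records no mechanism at all, cannot be verified and is therefore placed in the non-compliant list rather than silently skipped.

```python
"""Added example: compute measures M1-M4 and the M3/M4 metric for CIS sub-control 2.10.

Not part of the original page. All data below is constructed for illustration.
"""

# Input 2: approved configuration for each separation mechanism (constructed sample).
APPROVED_CONFIGS = {
    "vlan": {"vlan_id": 300, "acl": "deny-any-from-lan", "mgmt_access": "jump-host-only"},
    "vm": {"nested_virt": False, "shared_folders": False, "network": "isolated-segment"},
    "container": {"privileged": False, "network": "none", "seccomp": "default"},
}

# Input 1: approved high-risk applications, each with the separation mechanism(s)
# that isolate it and the configuration actually observed for each mechanism
# (constructed sample).
HIGH_RISK_APPS = [
    {"name": "legacy-erp",
     "mechanisms": {"vlan": {"vlan_id": 300, "acl": "deny-any-from-lan",
                             "mgmt_access": "jump-host-only"}}},
    {"name": "old-scanner",
     "mechanisms": {"vm": {"nested_virt": False, "shared_folders": True,
                           "network": "isolated-segment"}}},
    {"name": "vendor-portal",
     "mechanisms": {"container": {"privileged": False, "network": "none",
                                  "seccomp": "default", "extra": "ignored"}}},
    {"name": "lab-tool", "mechanisms": {}},  # no separation mechanism recorded
]


def compare_config(observed, approved):
    """Return a list of deviations of the observed configuration from the approved one.

    Every key in the approved configuration must be present and equal; a missing key
    is a deviation. Extra keys in the observed configuration are not checked.
    """
    deviations = []
    for key, expected in approved.items():
        actual = observed.get(key, "<missing>")
        if actual != expected:
            deviations.append(f"{key}: expected {expected!r}, observed {actual!r}")
    return deviations


def assess(apps, approved_configs):
    """Operation 1: compare each application's mechanisms against Input 2.

    Returns M1 (compliant list), M2 (non-compliant list with deviations),
    M3 (count of M1), M4 (count of Input 1) and the metric M3 / M4.
    """
    compliant = []      # M1
    noncompliant = []   # M2
    for app in apps:
        checked = []
        deviations = []
        if not app["mechanisms"]:
            deviations.append("no separation mechanism recorded")
        for mech, observed in app["mechanisms"].items():
            approved = approved_configs.get(mech)
            if approved is None:
                # Cannot verify separation without a baseline: treat as not separated.
                deviations.append(f"{mech}: no approved configuration on file")
                continue
            checked.append(mech)
            deviations.extend(f"{mech} -> {d}" for d in compare_config(observed, approved))
        entry = {"name": app["name"], "checked": checked, "deviations": deviations}
        (noncompliant if deviations else compliant).append(entry)
    m3 = len(compliant)
    m4 = len(apps)
    metric = m3 / m4 if m4 else 0.0  # avoid division by zero on an empty Input 1
    return {"M1": compliant, "M2": noncompliant, "M3": m3, "M4": m4, "metric": metric}


if __name__ == "__main__":
    result = assess(HIGH_RISK_APPS, APPROVED_CONFIGS)
    print("M1 (compliant):", [a["name"] for a in result["M1"]])
    for app in result["M2"]:
        print(f"M2 (non-compliant): {app['name']} checked={app['checked']}")
        for d in app["deviations"]:
            print("   ", d)
    print(f"M3 = {result['M3']}, M4 = {result['M4']}, metric = {result['metric']:.2f}")
```

Running the script on the sample data places legacy-erp and vendor-portal in M1 and old-scanner (shared_folders enabled) and lab-tool (no mechanism) in M2, giving M3 = 2, M4 = 4 and a metric of 0.50. The deviation strings in M2 are the "any deviations" the second operation asks for and are what an assessor would hand back to the application owner.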