7.1: Ensure Use of Only Fully Supported Browsers and Email Clients
Ensure that only fully supported web browsers and email clients are allowed to execute in the organization, ideally only using the latest version of the browsers and email clients provided by the vendor.
Asset Type | Security Function | Implementation Groups |
---|---|---|
Applications | Protect | 1, 2, 3 |
Dependencies
Sub-control 2.1: Maintain Inventory of Authorized Software
Inputs
1. From the authorized software list (ASL: sub-control 2.1), the inventory of web browser and email client software with a notation of “supported” or “unsupported” for each entry.
2. Access to an authoritative source of information indicating supported/unsupported details by product.
Operations
1. For each entry in Input 1, perform a lookup in Input 2 to verify its support status.
2. For each entry in Input 1 labeled “supported”, perform a lookup in Input 2. From these lookups, note the list of authorized software that is labeled “supported” but is actually not supported based on the authoritative source lookup.
3. For each entry in Input 1 labeled “unsupported”, perform a lookup in Input 2. From these lookups, note the list of authorized software that is labeled “unsupported” but is actually supported based on the authoritative source lookup.
Measures
M1 = List of unsupported items in Input 1 (combination of Operation 1 results and those initially marked as unsupported in Input 1)
M2 = Count of M1
M3 = List of authorized web browser/email client software
M4 = Count of M3
M5 = List of items from Input 1 labeled as “supported” that are not actually supported
M6 = Count of M5
M7 = List of items from Input 1 labeled as “unsupported” but are actually supported
M8 = Count of M7
Metrics
Percentage of Unsupported Web Browser/Email Client Software in Use
Metric | The calculation of this metric is determined by the ratio of unsupported web browser/email client software to the total authorized web browser/email client software in use. |
---|---|
Calculation | |
Rate of False Positives
Metric | The calculation of this metric is determined by the ratio of web browser/email client software labeled “supported” but found to be unsupported, to the total authorized web browser/email client software in use. |
---|---|
Calculation | |
Rate of False Negatives
Metric | The calculation of this metric is determined by the ratio of web browser/email client software labeled “unsupported” but found to be supported, to the total authorized web browser/email client software in use. |
---|---|
Calculation | |
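
The operations, measures, and metrics above, worked through as an added example that is not part of the CIS specification. The `assess` function, the product names, the sample data, and the rule that a product missing from Input 2 counts as unsupported are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Entry:
    name: str
    version: str
    labeled_supported: bool  # "supported"/"unsupported" notation in the ASL

def assess(asl, authoritative):
    """Run Operations 1-3 over the inputs and return M1-M8 plus the ratios.

    asl           -- Input 1: list of Entry (browser/email client software)
    authoritative -- Input 2: {(name, version): bool}, True = vendor-supported
    """
    # Operation 1: look up every entry. Assumption: a product missing from
    # Input 2 cannot be verified, so it is counted as unsupported.
    actual = {e: authoritative.get((e.name, e.version), False) for e in asl}
    # Operation 2: labeled "supported" but not supported per the lookup.
    m5 = [e for e in asl if e.labeled_supported and not actual[e]]
    # Operation 3: labeled "unsupported" but supported per the lookup.
    m7 = [e for e in asl if not e.labeled_supported and actual[e]]
    # M1: unsupported per the lookup, or initially marked unsupported.
    m1 = [e for e in asl if not actual[e] or not e.labeled_supported]
    m3 = list(asl)
    m4 = len(m3)

    def ratio(count):
        return count / m4 if m4 else 0.0  # empty ASL: nothing to measure

    return {
        "M1": m1, "M2": len(m1), "M3": m3, "M4": m4,
        "M5": m5, "M6": len(m5), "M7": m7, "M8": len(m7),
        "unsupported_ratio": ratio(len(m1)),    # multiply by 100 for percent
        "false_positive_rate": ratio(len(m5)),
        "false_negative_rate": ratio(len(m7)),
    }

# Constructed sample data; the product names are hypothetical.
SAMPLE_ASL = [
    Entry("ExampleBrowser", "120", True),
    Entry("ExampleBrowser", "98", True),    # stale label: vendor dropped it
    Entry("ExampleMail", "5", False),       # stale label: still supported
    Entry("LegacyMail", "2", False),
    Entry("OtherBrowser", "7", True),       # absent from Input 2
]
SAMPLE_SOURCE = {("ExampleBrowser", "120"): True, ("ExampleBrowser", "98"): False,
                 ("ExampleMail", "5"): True, ("LegacyMail", "2"): False}

if __name__ == "__main__":
    for key, value in assess(SAMPLE_ASL, SAMPLE_SOURCE).items():
        print(key, "=", value)
```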