Back

Discourage the modification of vendor-supplied software.


CONTROL ID
12016
CONTROL TYPE
Process or Activity
CLASSIFICATION
Preventive

SUPPORTING AND SUPPORTED CONTROLS



This Control directly supports the implied Control(s):
  • Acquire products or services., CC ID: 11450

There are no implementation support Controls.


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH



  • Modifications to software packages shall be discouraged, limited to necessary changes and all changes shall be strictly controlled. (A.14.2.4 Control, ISO 27001:2013, Information Technology - Security Techniques - Information Security Management Systems - Requirements, 2013)
  • Modifications to software packages should be discouraged, limited to necessary changes and all changes should be strictly controlled. (§ 14.2.4 Control, ISO/IEC 27002:2013(E), Information technology — Security techniques — Code of practice for information security controls, Second Edition)