
Test in scope systems for compliance with the Configuration Baseline Documentation Record.


CONTROL ID: 12130
CONTROL TYPE: Configuration
CLASSIFICATION: Detective

SUPPORTING AND SUPPORTED CONTROLS




This Control directly supports the implied Control(s):
  • Establish, implement, and maintain a testing program., CC ID: 00654

There are no implementation support Controls.


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH




  • For alternate devices, backup machines and other facilities that are not operated routinely, inspection should be carried out on a regular basis to ensure proper functioning. (P54.4., FISC Security Guidelines on Computer Systems for Financial Institutions, Ninth Edition, Revised March 2020)
  • Performing technical audits including vulnerability assessment of critical devices and networks, and any other connected networks, to identify security concerns (Critical components of information security 24) viii. ¶ 1 g., Guidelines on Information Security, Electronic Banking, Technology Risk Management and Cyber Frauds)
  • For applications that rely on a database, use standard hardening configuration templates. All systems that are part of critical business processes should also be tested. (Control 18.7, The CIS Critical Security Controls for Effective Cyber Defense, Version 6.0)
  • For applications that rely on a database, use standard hardening configuration templates. All systems that are part of critical business processes should also be tested. (CIS Control 18: Sub-Control 18.11 Use Standard Hardening Configuration Templates for Databases, CIS Controls, 7.1)
  • For applications that rely on a database, use standard hardening configuration templates. All systems that are part of critical business processes should also be tested. (CIS Control 18: Sub-Control 18.11 Use Standard Hardening Configuration Templates for Databases, CIS Controls, V7)
  • Organizations should institute separate environments for development, test, production, and other scenarios, each with specific controls to provide role-based access control for container deployment and management activities. All container creation should be associated with individual user identitie… (4.4.5 ¶ 1, NIST SP 800-190, Application Container Security Guide)
  • Ongoing, continuously updated, centralized reporting and monitoring of image compliance state to identify weaknesses and risks at the organizational level. (4.1.2 ¶ 1 (2), NIST SP 800-190, Application Container Security Guide)