
Establish, implement, and maintain measures to detect and prevent the use of unsafe internet services.


CONTROL ID: 13104
CONTROL TYPE: Technical Security
CLASSIFICATION: Preventive

SUPPORTING AND SUPPORTED CONTROLS




This Control directly supports the implied Control(s):
  • Establish, implement, and maintain information flow control policies inside the system and between interconnected systems., CC ID: 01410

This Control has the following implementation support Control(s):
  • Refrain from storing restricted data at unsafe Internet services or virtual servers., CC ID: 13107
  • Establish, implement, and maintain whitelists and blacklists of domain names., CC ID: 07097
  • Establish, implement, and maintain whitelists and blacklists of web content., CC ID: 15234


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH




  • The FI should not use unsafe internet services such as social media sites, cloud-based internet storage sites, and web-based emails to communicate or store confidential information. The FI should implement measures to prevent and detect the use of such services within the FI. (§ 9.1.4, Monetary Authority of Singapore: Technology Risk Management Guidelines)
  • Security measures should be implemented to prevent and detect the use of unauthorised internet services which allow users to communicate or store confidential data. Examples of such services include social media, cloud storage and file sharing, emails, and messaging applications. (§ 11.1.5, Technology Risk Management Guidelines, January 2021)
  • If a list of allowed websites is not implemented, a list of allowed website categories is implemented instead. (Security Control: 1170; Revision: 3, Australian Government Information Security Manual, March 2021)
  • Personnel are advised not to send or receive files via unauthorised online services. (Control: ISM-0824; Revision: 2, Australian Government Information Security Manual, June 2023)
  • Access to non-approved webmail services is blocked. (Control: ISM-0267; Revision: 7, Australian Government Information Security Manual, June 2023)
  • Personnel are advised not to send or receive files via unauthorised online services. (Control: ISM-0824; Revision: 2, Australian Government Information Security Manual, September 2023)
  • Access to non-approved webmail services is blocked. (Control: ISM-0267; Revision: 7, Australian Government Information Security Manual, September 2023)
  • The increased risk due to network services accessible via the internet, (5.2.7 Requirements (should) Bullet 2 Sub-Bullet 3, Information Security Assessment, Version 5.1)
  • Controls are maintained over telecommunication(s), including remote access by users, programmers and vendors; and over firewalls and routers to control and monitor access to platforms, systems and applications; (TIER II OBJECTIVES AND PROCEDURES D.1. Bullet 9, FFIEC IT Examination Handbook - Audit, April 2012)
  • Monitor open source websites for hostile content directed towards organizational or partner interests. (T0751, National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework, NIST Special Publication 800-181)
  • Monitor open source websites for hostile content directed towards organizational or partner interests. (T0751, Reference Spreadsheet for the Workforce Framework for Cybersecurity (NICE Framework), July 7, 2020)