Skip to main content
Security Performance Management
Continuous Monitoring
Vendor Risk Management
Trust Management Hub
Cyber Insurance
National Cybersecurity

Insights to Control Framework Mapping: Mobile Applications

Ingrid

Refer to the following Mobile Applications insights and assessments and how they're mapped to CIS v7 and CIS v8 controls for Control Insights:

No Mobile Application Development Vulnerabilities

The lack of mobile application development vulnerabilities indicates effective control of the Secure Application Development Life Cycle (SDLC)

The ratio of events of type [Mobile Application Vulnerability] by type [Good Mobile Application Security Finding] is below 12.0%

Assessment

insight-effective.png Positive

Observations

Mobile Application Security

CIS v8 Controls CIS v7 Controls

Controls

16 Application Software Security

Safeguards

  • 16.1 Establish and Maintain a Secure Application Development Process
  • 16.2 Establish and Maintain a Process to Accept and Address Software Vulnerabilities
  • 16.3 Perform Root Cause Analysis on Security Vulnerabilities
  • 16.4 Establish and Manage an Inventory of Third-Party Software Components
  • 16.5 Use Up-to-Date and Trusted Third-Party Software Components
  • 16.7 Use Standard Hardening Configuration Templates for Application Infrastructure
  • 16.9 Train Developers in Application Security Concepts and Secure Coding
  • 16.10 Apply Secure Design Principles in Application Architectures
  • 16.11 Leverage Vetted Modules or Services for Application Security Components
  • 16.12 Implement Code-Level Security Checks
  • 16.13 Conduct Application Penetration Testing

Controls

18 Application Software Security

Safeguards

  • 18.1 Establish Secure Coding Practices
  • 18.2 Ensure That Explicit Error Checking is Performed for All In-House Developed Software
  • 18.3 Verify That Acquired Software is Still Supported
  • 18.4 Only Use Up-to-Date and Trusted Third-Party Components
  • 18.5 Use Only Standardized and Extensively Reviewed Encryption Algorithms
  • 18.6 Ensure Software Development Personnel are Trained in Secure Coding
  • 18.7 Apply Static and Dynamic Code Analysis Tools
  • 18.8 Establish a Process to Accept and Address Reports of Software Vulnerabilities
  • 18.9 Separate Production and Non-Production Systems
  • 18.10 Deploy Web Application Firewalls
  • 18.11 Use Standard Hardening Configuration Templates for Databases

Mobile Application Development Vulnerabilities

The presence of mobile application development vulnerabilities indicates ineffective control of the Secure Application Development Life Cycle (SDLC)

The ratio of events of type [Mobile Application Vulnerability] by type [Good Mobile Application Security Finding] is above 20.0%

Assessment

x Negative

Observations

Mobile Application Security

CIS v8 Controls CIS v7 Controls

Controls

16 Application Software Security

Safeguards

  • 16.1 Establish and Maintain a Secure Application Development Process
  • 16.2 Establish and Maintain a Process to Accept and Address Software Vulnerabilities
  • 16.3 Perform Root Cause Analysis on Security Vulnerabilities
  • 16.4 Establish and Manage an Inventory of Third-Party Software Components
  • 16.5 Use Up-to-Date and Trusted Third-Party Software Components
  • 16.7 Use Standard Hardening Configuration Templates for Application Infrastructure
  • 16.9 Train Developers in Application Security Concepts and Secure Coding
  • 16.10 Apply Secure Design Principles in Application Architectures
  • 16.11 Leverage Vetted Modules or Services for Application Security Components
  • 16.12 Implement Code-Level Security Checks
  • 16.13 Conduct Application Penetration Testing

Controls

18 Application Software Security

Safeguards

  • 18.1 Establish Secure Coding Practices
  • 18.2 Ensure That Explicit Error Checking is Performed forAll In-House Developed Software
  • 18.3 Verify That Acquired Software is Still Supported
  • 18.4 Only Use Up-to-Date and Trusted Third-Party Components
  • 18.5 Use Only Standardized and Extensively Reviewed EncryptionAlgorithms
  • 18.6 Ensure Software Development Personnel are Trained inSecure Coding
  • 18.7 Apply Static and Dynamic Code Analysis Tools
  • 18.8 Establish a Process to Accept and Address Reports ofSoftware Vulnerabilities
  • 18.9 Separate Production and Non-Production Systems
  • 18.10 Deploy Web Application Firewalls
  • 18.11 Use Standard Hardening Configuration Templates forDatabases
  • April 1, 2025: Published.

Related articles

Feedback

0 comments

Please sign in to leave a comment.