Insights to Control Framework Mapping: Mobile Applications
Ingrid

Refer to the following Mobile Applications insights and assessments and how they are mapped to CIS v7 and CIS v8 controls for Control Insights.

No Mobile Application Development Vulnerabilities

Insight: The lack of mobile application development vulnerabilities indicates effective control of the Secure Application Development Life Cycle (SDLC).
Condition: The ratio of events of type [Mobile Application Vulnerability] to events of type [Good Mobile Application Security Finding] is below 12.0%.
Assessment: Positive Observations (Mobile Application Security)

CIS v8 Controls
Control 16: Application Software Security
Safeguards:
    16.1 Establish and Maintain a Secure Application Development Process
    16.2 Establish and Maintain a Process to Accept and Address Software Vulnerabilities
    16.3 Perform Root Cause Analysis on Security Vulnerabilities
    16.4 Establish and Manage an Inventory of Third-Party Software Components
    16.5 Use Up-to-Date and Trusted Third-Party Software Components
    16.7 Use Standard Hardening Configuration Templates for Application Infrastructure
    16.9 Train Developers in Application Security Concepts and Secure Coding
    16.10 Apply Secure Design Principles in Application Architectures
    16.11 Leverage Vetted Modules or Services for Application Security Components
    16.12 Implement Code-Level Security Checks
    16.13 Conduct Application Penetration Testing

CIS v7 Controls
Control 18: Application Software Security
Safeguards:
    18.1 Establish Secure Coding Practices
    18.2 Ensure That Explicit Error Checking is Performed for All In-House Developed Software
    18.3 Verify That Acquired Software is Still Supported
    18.4 Only Use Up-to-Date and Trusted Third-Party Components
    18.5 Use Only Standardized and Extensively Reviewed Encryption Algorithms
    18.6 Ensure Software Development Personnel are Trained in Secure Coding
    18.7 Apply Static and Dynamic Code Analysis Tools
    18.8 Establish a Process to Accept and Address Reports of Software Vulnerabilities
    18.9 Separate Production and Non-Production Systems
    18.10 Deploy Web Application Firewalls
    18.11 Use Standard Hardening Configuration Templates for Databases

Mobile Application Development Vulnerabilities

Insight: The presence of mobile application development vulnerabilities indicates ineffective control of the Secure Application Development Life Cycle (SDLC).
Condition: The ratio of events of type [Mobile Application Vulnerability] to events of type [Good Mobile Application Security Finding] is above 20.0%.
Assessment: Negative Observations (Mobile Application Security)

CIS v8 Controls
Control 16: Application Software Security
Safeguards:
    16.1 Establish and Maintain a Secure Application Development Process
    16.2 Establish and Maintain a Process to Accept and Address Software Vulnerabilities
    16.3 Perform Root Cause Analysis on Security Vulnerabilities
    16.4 Establish and Manage an Inventory of Third-Party Software Components
    16.5 Use Up-to-Date and Trusted Third-Party Software Components
    16.7 Use Standard Hardening Configuration Templates for Application Infrastructure
    16.9 Train Developers in Application Security Concepts and Secure Coding
    16.10 Apply Secure Design Principles in Application Architectures
    16.11 Leverage Vetted Modules or Services for Application Security Components
    16.12 Implement Code-Level Security Checks
    16.13 Conduct Application Penetration Testing

CIS v7 Controls
Control 18: Application Software Security
Safeguards:
    18.1 Establish Secure Coding Practices
    18.2 Ensure That Explicit Error Checking is Performed for All In-House Developed Software
    18.3 Verify That Acquired Software is Still Supported
    18.4 Only Use Up-to-Date and Trusted Third-Party Components
    18.5 Use Only Standardized and Extensively Reviewed Encryption Algorithms
    18.6 Ensure Software Development Personnel are Trained in Secure Coding
    18.7 Apply Static and Dynamic Code Analysis Tools
    18.8 Establish a Process to Accept and Address Reports of Software Vulnerabilities
    18.9 Separate Production and Non-Production Systems
    18.10 Deploy Web Application Firewalls
    18.11 Use Standard Hardening Configuration Templates for Databases

April 1, 2025: Published.