Insights to Control Framework Mapping: Header Configurations

Ingrid

Refer to the following Header Configurations insights and assessments and how they're mapped to CIS v7 and CIS v8 controls for Control Insights.

No Recommended HTTP Security Headers

The lack of recommended HTTP security headers indicates ineffective and insecure web server configurations. The ratio of events of type [Ineffective HTTP Security Headers, Missing HTTP Security Headers] by type [HTTP Service, HTTPS Service] is above 50.0%.

Assessment: Negative
Observations: Open Ports, Web Application Headers

CIS v8 Controls
Control: 16 Application Software Security
Safeguards:
16.1 Establish and Maintain a Secure Application Development Process
16.2 Establish and Maintain a Process to Accept and Address Software Vulnerabilities
16.3 Perform Root Cause Analysis on Security Vulnerabilities
16.4 Establish and Manage an Inventory of Third-Party Software Components
16.5 Use Up-to-Date and Trusted Third-Party Software Components
16.7 Use Standard Hardening Configuration Templates for Application Infrastructure
16.9 Train Developers in Application Security Concepts and Secure Coding
16.10 Apply Secure Design Principles in Application Architectures
16.11 Leverage Vetted Modules or Services for Application Security Components
16.12 Implement Code-Level Security Checks
16.13 Conduct Application Penetration Testing

CIS v7 Controls
Control: 18 Application Software Security
Safeguards:
18.1 Establish Secure Coding Practices
18.2 Ensure That Explicit Error Checking is Performed for All In-House Developed Software
18.3 Verify That Acquired Software is Still Supported
18.4 Only Use Up-to-Date and Trusted Third-Party Components
18.5 Use Only Standardized and Extensively Reviewed Encryption Algorithms
18.6 Ensure Software Development Personnel are Trained in Secure Coding
18.7 Apply Static and Dynamic Code Analysis Tools
18.8 Establish a Process to Accept and Address Reports of Software Vulnerabilities
18.9 Separate Production and Non-Production Systems
18.10 Deploy Web Application Firewalls
18.11 Use Standard Hardening Configuration Templates for Databases

Recommended HTTP Security Headers

The presence of recommended HTTP security headers indicates effective and secure web server configurations. The ratio of events of type [Ineffective HTTP Security Headers, Missing HTTP Security Headers] by type [HTTP Service, HTTPS Service] is below 10.0%.

Assessment: Positive
Observations: Open Ports, Web Application Headers

CIS v8 Controls
Control: 16 Application Software Security
Safeguards:
16.1 Establish and Maintain a Secure Application Development Process
16.2 Establish and Maintain a Process to Accept and Address Software Vulnerabilities
16.3 Perform Root Cause Analysis on Security Vulnerabilities
16.4 Establish and Manage an Inventory of Third-Party Software Components
16.5 Use Up-to-Date and Trusted Third-Party Software Components
16.7 Use Standard Hardening Configuration Templates for Application Infrastructure
16.9 Train Developers in Application Security Concepts and Secure Coding
16.10 Apply Secure Design Principles in Application Architectures
16.11 Leverage Vetted Modules or Services for Application Security Components
16.12 Implement Code-Level Security Checks
16.13 Conduct Application Penetration Testing

CIS v7 Controls
Control: 18 Application Software Security
Safeguards:
18.1 Establish Secure Coding Practices
18.2 Ensure That Explicit Error Checking is Performed for All In-House Developed Software
18.3 Verify That Acquired Software is Still Supported
18.4 Only Use Up-to-Date and Trusted Third-Party Components
18.5 Use Only Standardized and Extensively Reviewed Encryption Algorithms
18.6 Ensure Software Development Personnel are Trained in Secure Coding
18.7 Apply Static and Dynamic Code Analysis Tools
18.8 Establish a Process to Accept and Address Reports of Software Vulnerabilities
18.9 Separate Production and Non-Production Systems
18.10 Deploy Web Application Firewalls
18.11 Use Standard Hardening Configuration Templates for Databases

April 3, 2025: Published.
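The two threshold rules above (Negative above 50.0%, Positive below 10.0%), applied to an inventory of observed services, as an added example that is not the page's or the vendor's own code. The service record shape (a "type" plus a list of finding types) is an assumption; the event and service type names and the thresholds are the ones stated on this page.

```python
# Added example (not the vendor's code): applies this page's two Header
# Configurations insight rules to an inventory of observed services. The record
# shape is an assumption; the type names and thresholds come from the page.
HEADER_EVENT_TYPES = {"Ineffective HTTP Security Headers",
                      "Missing HTTP Security Headers"}
WEB_SERVICE_TYPES = {"HTTP Service", "HTTPS Service"}
NEGATIVE_ABOVE = 50.0  # "No Recommended HTTP Security Headers" fires above this
POSITIVE_BELOW = 10.0  # "Recommended HTTP Security Headers" fires below this


def header_event_ratio(services):
    """Return (ratio_percent, header_event_count, web_service_count)."""
    # Non-web services count in neither term; no web services -> ratio None.
    web = [s for s in services if s["type"] in WEB_SERVICE_TYPES]
    events = sum(1 for s in web for f in s["findings"] if f in HEADER_EVENT_TYPES)
    if not web:
        return None, events, 0
    return 100.0 * events / len(web), events, len(web)


def evaluate_insight(services):
    """Return 'Negative', 'Positive', or None when neither insight applies."""
    # 10.0% through 50.0% inclusive is a gap: neither rule fires.
    ratio, _, _ = header_event_ratio(services)
    if ratio is None:
        return None
    if ratio > NEGATIVE_ABOVE:
        return "Negative"
    if ratio < POSITIVE_BELOW:
        return "Positive"
    return None


# Constructed sample inventory: 4 web services carrying 3 header events (75%).
SAMPLE_SERVICES = [
    {"type": "HTTPS Service", "findings": ["Missing HTTP Security Headers"]},
    {"type": "HTTPS Service", "findings": ["Ineffective HTTP Security Headers",
                                           "Missing HTTP Security Headers"]},
    {"type": "HTTP Service", "findings": []},
    {"type": "HTTPS Service", "findings": ["Other Finding"]},
    {"type": "SSH Service", "findings": ["Other Finding"]},  # not a web service
]

if __name__ == "__main__":
    ratio, n_events, n_web = header_event_ratio(SAMPLE_SERVICES)
    print(f"{n_events} header events / {n_web} web services = {ratio:.1f}%")
    print("Insight:", evaluate_insight(SAMPLE_SERVICES))  # Negative
```

Note that a portfolio sitting between 10.0% and 50.0% produces neither insight, so the absence of the Negative insight is not evidence of the Positive one.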