Refer to the following Header Configurations insights and assessments, and to how each is mapped to CIS v7 and CIS v8 controls for Control Insights. Each insight is triggered by the ratio of header-related findings (Ineffective HTTP Security Headers, Missing HTTP Security Headers) to the number of HTTP and HTTPS services assessed.
Insight: The lack of recommended HTTP security headers indicates ineffective and insecure web server configurations.

Assessment: The ratio of events of type [Ineffective HTTP Security Headers, Missing HTTP Security Headers] by type [HTTP Service, HTTPS Service] is above 50.0%

Impact: Negative

CIS v8 Controls:

16 Application Software Security
- 16.1 Establish and Maintain a Secure Application Development Process
- 16.2 Establish and Maintain a Process to Accept and Address Software Vulnerabilities
- 16.3 Perform Root Cause Analysis on Security Vulnerabilities
- 16.4 Establish and Manage an Inventory of Third-Party Software Components
- 16.5 Use Up-to-Date and Trusted Third-Party Software Components
- 16.7 Use Standard Hardening Configuration Templates for Application Infrastructure
- 16.9 Train Developers in Application Security Concepts and Secure Coding
- 16.10 Apply Secure Design Principles in Application Architectures
- 16.11 Leverage Vetted Modules or Services for Application Security Components
- 16.12 Implement Code-Level Security Checks
- 16.13 Conduct Application Penetration Testing

CIS v7 Controls:

18 Application Software Security
- 18.1 Establish Secure Coding Practices
- 18.2 Ensure That Explicit Error Checking is Performed for All In-House Developed Software
- 18.3 Verify That Acquired Software is Still Supported
- 18.4 Only Use Up-to-Date and Trusted Third-Party Components
- 18.5 Use Only Standardized and Extensively Reviewed Encryption Algorithms
- 18.6 Ensure Software Development Personnel are Trained in Secure Coding
- 18.7 Apply Static and Dynamic Code Analysis Tools
- 18.8 Establish a Process to Accept and Address Reports of Software Vulnerabilities
- 18.9 Separate Production and Non-Production Systems
- 18.10 Deploy Web Application Firewalls
- 18.11 Use Standard Hardening Configuration Templates for Databases

Insight: The presence of recommended HTTP security headers indicates effective and secure web server configurations.

Assessment: The ratio of events of type [Ineffective HTTP Security Headers, Missing HTTP Security Headers] by type [HTTP Service, HTTPS Service] is below 10.0%

Impact: Positive

CIS v8 Controls:

16 Application Software Security
- 16.1 Establish and Maintain a Secure Application Development Process
- 16.2 Establish and Maintain a Process to Accept and Address Software Vulnerabilities
- 16.3 Perform Root Cause Analysis on Security Vulnerabilities
- 16.4 Establish and Manage an Inventory of Third-Party Software Components
- 16.5 Use Up-to-Date and Trusted Third-Party Software Components
- 16.7 Use Standard Hardening Configuration Templates for Application Infrastructure
- 16.9 Train Developers in Application Security Concepts and Secure Coding
- 16.10 Apply Secure Design Principles in Application Architectures
- 16.11 Leverage Vetted Modules or Services for Application Security Components
- 16.12 Implement Code-Level Security Checks
- 16.13 Conduct Application Penetration Testing

CIS v7 Controls:

18 Application Software Security
- 18.1 Establish Secure Coding Practices
- 18.2 Ensure That Explicit Error Checking is Performed for All In-House Developed Software
- 18.3 Verify That Acquired Software is Still Supported
- 18.4 Only Use Up-to-Date and Trusted Third-Party Components
- 18.5 Use Only Standardized and Extensively Reviewed Encryption Algorithms
- 18.6 Ensure Software Development Personnel are Trained in Secure Coding
- 18.7 Apply Static and Dynamic Code Analysis Tools
- 18.8 Establish a Process to Accept and Address Reports of Software Vulnerabilities
- 18.9 Separate Production and Non-Production Systems
- 18.10 Deploy Web Application Firewalls
- 18.11 Use Standard Hardening Configuration Templates for Databases
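The two assessments above reduce to one calculation: the share of HTTP/HTTPS services that carry a "Missing" or "Ineffective" header finding, compared against the 50.0% and 10.0% thresholds. The following added example (not the product's own scoring code) reproduces that calculation over a constructed inventory so that a defender can sanity-check their own service list before it is scanned. The set of recommended headers, the rules for what counts as an ineffective value, and the choice to count at most one finding per service are all assumptions made here; the page itself does not enumerate them. The band between the two thresholds yields no assessment and is reported as "No assessment".

```python
"""Evaluate the Header Configurations assessment over a constructed service inventory."""
from __future__ import annotations

# ASSUMPTION: the page does not list the recommended headers; this set is illustrative.
RECOMMENDED_HEADERS = (
    "strict-transport-security",
    "content-security-policy",
    "x-content-type-options",
    "x-frame-options",
    "referrer-policy",
)


def _hsts_effective(value: str) -> bool:
    """ASSUMPTION: HSTS only counts as effective when it carries a positive max-age."""
    for directive in value.split(";"):
        name, _, val = directive.strip().partition("=")
        if name.strip() == "max-age":
            return val.strip().isdigit() and int(val) > 0
    return False


def _value_effective(name: str, value: str) -> bool:
    """ASSUMPTION: simple per-header effectiveness rules; a real scanner applies more."""
    v = value.strip().lower()
    if name == "strict-transport-security":
        return _hsts_effective(v)
    if name == "x-content-type-options":
        return v == "nosniff"
    if name == "x-frame-options":
        return v in {"deny", "sameorigin"}
    if name == "content-security-policy":
        return "default-src" in v  # a policy with no default-src is treated as ineffective
    if name == "referrer-policy":
        return v not in {"", "unsafe-url"}
    return True


def classify_service(headers: dict[str, str]) -> str | None:
    """Return the finding type for one service, or None when all headers are present and effective.

    A service is counted once: a missing header takes precedence over an ineffective one.
    """
    lowered = {k.lower(): v for k, v in headers.items()}
    if any(h not in lowered for h in RECOMMENDED_HEADERS):
        return "Missing HTTP Security Headers"
    if any(not _value_effective(h, lowered[h]) for h in RECOMMENDED_HEADERS):
        return "Ineffective HTTP Security Headers"
    return None


def header_finding_ratio(services: list[dict]) -> float:
    """Percentage of HTTP/HTTPS services that carry a Missing or Ineffective finding."""
    if not services:
        return 0.0
    findings = sum(1 for s in services if classify_service(s["headers"]) is not None)
    return 100.0 * findings / len(services)


def assess(services: list[dict]) -> tuple[float, str]:
    """Map the ratio onto the page's thresholds: >50.0% Negative, <10.0% Positive."""
    ratio = header_finding_ratio(services)
    if ratio > 50.0:
        return ratio, "Negative"
    if ratio < 10.0:
        return ratio, "Positive"
    return ratio, "No assessment"


# Constructed sample inventory (hostnames and header values are made up for this example).
GOOD_HEADERS = {
    "Strict-Transport-Security": "max-age=31536000; includeSubDomains",
    "Content-Security-Policy": "default-src 'self'",
    "X-Content-Type-Options": "nosniff",
    "X-Frame-Options": "DENY",
    "Referrer-Policy": "strict-origin-when-cross-origin",
}
SAMPLE_SERVICES = [
    {"url": "https://portal.example.test", "headers": dict(GOOD_HEADERS)},
    {"url": "http://legacy.example.test", "headers": {}},  # no headers at all
    {"url": "https://api.example.test",
     "headers": {**GOOD_HEADERS, "Strict-Transport-Security": "max-age=0"}},
    {"url": "https://docs.example.test",
     "headers": {k: v for k, v in GOOD_HEADERS.items() if k != "Content-Security-Policy"}},
    {"url": "https://shop.example.test",
     "headers": {**GOOD_HEADERS, "X-Frame-Options": "ALLOWALL"}},
]

if __name__ == "__main__":
    for svc in SAMPLE_SERVICES:
        print(f"{svc['url']:32} {classify_service(svc['headers']) or 'OK'}")
    ratio, impact = assess(SAMPLE_SERVICES)
    print(f"finding ratio = {ratio:.1f}% -> {impact}")
```

With four of the five constructed services carrying a finding, the ratio is 80.0% and the Negative insight fires; replacing the inventory with services that all match the good header set drops the ratio to 0.0% and the Positive insight applies. Because the denominator is the count of services, not the count of headers, a single well-configured reverse proxy in front of many hosts can move the ratio quickly in either direction, which is why the hardening-template controls (16.7, 18.11) map to this insight.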
April 3, 2025: Published.