Direct links from the subject.
| Property | Value |
|---|---|
|
The subject is an instance of a class. |
|
|
The subject is an instance of a class. |
An idea or notion; a unit of thought. |
|
A human-readable name for the subject. |
PR.PS-02.1: The organisation shall enforce restrictions on software usage and installation, and ensure that software is maintained, replaced, or removed based on its associated risk. |
|
PR.PS-02.1 |
|
|
http://cyfun.data.gift/data/loc_CyFun2025_Booklet_ESSENTIAL_E_p123 |
|
|
http://cyfun.data.gift/data/loc_CyFun2025_Booklet_IMPORTANT_E_p85 |
|
|
Relates a concept to a concept that is more general in meaning. |
|
|
A general note, for any purpose. |
The goal of this control is to reduce security and operational risks by controlling which software is used, ensur- ing it is properly maintained, and removing it when no longer needed or supported. To achieve this goal, the organisation should consider to: • Allow only approved software and restrict access based on user roles and responsibilities. • Replace unsupported or end-of-life software to avoid unpatched vulnerabilities. • Uninstall unused or unnecessary software, including outdated OS utilities, to reduce the attack surface. • Apply patches based on risk: o Critical vulnerabilities should be patched within hours. o Routine updates should follow a defined schedule (e.g. weekly or monthly). • In container environments, only trusted and up-to-date images should be used; outdated containers should be replaced. • Remove or disable software and services that pose unacceptable risk, such as FTP or peer-to-peer tools, unless explicitly required and secured. • In ICS/OT environments, ensure PLC programming is pre-approved and scheduled; avoid ad-hoc changes to protect operational safety. • Maintain a software inventory with version and support status. • Define procedures for software approval, patching, replacement, and removal. |
|
A general note, for any purpose. |
The goal of this control is to reduce security and operational risks by controlling which software is used, ensur- ing it is properly maintained, and removing it when no longer needed or supported. To achieve this goal, the organisation should consider to: - Allow only approved software and restrict access based on user roles and responsibilities. - Replace unsupported or end-of-life software to avoid unpatched vulnerabilities. - Uninstall unused or unnecessary software, including outdated OS utilities, to reduce the attack surface. - Apply patches based on risk: - Critical vulnerabilities should be patched within hours. - Routine updates should follow a defined schedule (e.g. weekly or monthly). - In container environments, only trusted and up-to-date images should be used; outdated containers should be replaced. - Remove or disable software and services that pose unacceptable risk, such as FTP or peer-to-peer tools, unless explicitly required and secured. - In ICS/OT environments, ensure PLC programming is pre-approved and scheduled; avoid ad-hoc changes to protect operational safety. - Maintain a software inventory with version and support status. - Define procedures for software approval, patching, replacement, and removal. |
|
A general note, for any purpose. |
The goal of this control is to reduce security and operational risks by controlling which software is used, ensur- ing it is properly maintained, and removing it when no longer needed or supported. To achieve this goal, the organisation should consider to: - Allow only approved software and restrict access based on user roles and responsibilities. - Replace unsupported or end-of-life software to avoid unpatched vulnerabilities. - Uninstall unused or unnecessary software, including outdated OS utilities, to reduce the attack surface. - Apply patches based on risk: - Critical vulnerabilities should be patched within hours. - Routine updates should follow a defined schedule (e.g. weekly or monthly). - In container environments, only trusted and up-to-date images should be used; outdated containers should be replaced. - Remove or disable software and services that pose unacceptable risk, such as FTP or peer-to-peer tools, unless explicitly required and secured. - In ICS/OT environments, ensure PLC programming is pre-approved and scheduled; avoid ad-hoc changes to protect operational safety. - Maintain a software inventory with version and support status. - Define procedures for software approval, patching, replacement, and removal. |
|
A general note, for any purpose. |
<div><p>The goal of this control is to reduce security and operational risks by controlling which software is used, ensur- ing it is properly maintained, and removing it when no longer needed or supported. To achieve this goal, the organisation should consider to:</p><ul><li>Allow only approved software and restrict access based on user roles and responsibilities.</li><li>Replace unsupported or end-of-life software to avoid unpatched vulnerabilities.</li><li>Uninstall unused or unnecessary software, including outdated OS utilities, to reduce the attack surface.</li><li>Apply patches based on risk:<ul><li>Critical vulnerabilities should be patched within hours.</li><li>Routine updates should follow a defined schedule (e.g. weekly or monthly).</li></ul></li><li>In container environments, only trusted and up-to-date images should be used; outdated containers should be replaced.</li><li>Remove or disable software and services that pose unacceptable risk, such as FTP or peer-to-peer tools, unless explicitly required and secured.</li><li>In ICS/OT environments, ensure PLC programming is pre-approved and scheduled; avoid ad-hoc changes to protect operational safety.</li><li>Maintain a software inventory with version and support status.</li><li>Define procedures for software approval, patching, replacement, and removal.</li></ul></div> |
|
A notation, also known as classification code, is a string of characters such as "T58.5" or "303.4833" used to uniquely identify a concept within the scope of a given concept scheme. |
PR.PS-02.1 |
|
skos:prefLabel, skos:altLabel and skos:hiddenLabel are pairwise disjoint properties. |
Software usage and installation restrictions |
|
A resource has no more than one value of skos:prefLabel per language tag, and no more than one value of skos:prefLabel without language tag. |
The organisation shall enforce restrictions on software usage and installation, and ensure that software is maintained, replaced, or removed based on its associated risk. |
|
Relates a resource (for example a concept) to a concept scheme in which it is included. |
|
|
Relates a resource (for example a concept) to a concept scheme in which it is included. |
http://cyfun.data.gift/data/CyFun2025_delta_BASIC_to_IMPORTANT |
|
Relates a resource (for example a concept) to a concept scheme in which it is included. |
|
|
Relates a resource (for example a concept) to a concept scheme in which it is included. |
|
|
The number of triples associated with the subject. |
19 |
|
Specifies the dataset the subject is part of. |
Resultaten 1 - 21 of 21
Inverse links to the subject.
| Property | Subject |
|---|---|
|
Relates a concept to a concept that is more specific in meaning. |
Resultaten 1 - 1 of 1