This objective, and the other similar ‘include‘ objectives, simply state what has to be in your Product Working Practices. You may want to include more, but you cannot be missing any of these and still deliver a secure Product.
- Group or Individual
- Product Team
- Artefact
- Product Working Practices
- Concepts
- Secure Configuration Of Third-Party Product Components
- Document
- Secure Configuration Of Third-Party Product Components
- Risk Type
- Viability
- Event
- The Likelihood of a Security Incident is increased
- Caused By
- Product Teams not securing their Product Components
- Leading To
- Loss of customers, financial fraud losses, increased TCO, substantial fines/sanctions from an external regulatory body
-
O-EM-A-1-1
Operations > Environment Management > Configuration Hardening
- Do you harden configurations for key components of your technology stacks?
-
O-EM-A-2-1
Operations > Environment Management > Configuration Hardening
- Do you have hardening baselines for your components?