Use up-to-date and trusted third-party software components. When possible, choose established and proven frameworks and libraries that provide adequate security. Acquire these components from trusted sources or evaluate the software for vulnerabilities before use.
.. list-table::
   :header-rows: 1

   * - Asset Type
     - Security Function
     - Implementation Groups
   * - Applications
     - Protect
     - 2, 3
Dependencies
^^^^^^^^^^^^

- Safeguard 16.4: Establish and Manage an Inventory of Third-Party Software Components

Inputs
^^^^^^

#. :code:`GV47`: Inventory of Third-Party Software Components

Operations
^^^^^^^^^^

1. For each software component in Input 1 :code:`GV47`, determine whether the latest version of the component is being used

   #. Identify and enumerate software components that are up-to-date (M2)
   #. Identify and enumerate software components that are not up-to-date (M3)

2. For each software component identified in Operation 1.1, determine whether it is explicitly trusted by the enterprise (acquired from a trusted source, or evaluated for vulnerabilities before use)

   #. Identify and enumerate software components that are trusted by the enterprise (M4)

Measures
^^^^^^^^

- M1 = Count of Input 1
- M2 = Count of software components that are up-to-date
- M3 = Count of software components that are not up-to-date
- M4 = Count of software components that are both up-to-date and trusted
Compliance
^^^^^^^^^^

.. list-table::

   * - **Metric**
     - | The percentage of up-to-date and trusted software components
   * - **Calculation**
     - :code:`M4 / M1`
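The measurement above, worked through as an added example (this is not part of the CIS assessment specification): a Python script that takes a constructed component inventory standing in for :code:`GV47`, a constructed "latest released version" feed and a constructed allowlist of trusted acquisition sources, then computes M1 through M4 and the metric :code:`M4 / M1`. All component names, versions and source labels are hypothetical. Two edge cases the text leaves implicit are handled explicitly: a pre-release suffix (:code:`3.0.0rc1`) is treated as older than the corresponding final release, and a component whose latest version cannot be determined is counted as not up-to-date rather than silently passing.

```python
"""Worked measurement of the safeguard over a constructed inventory.

Added example, not the CIS specification's own code. In practice the
inventory comes from Safeguard 16.4 (e.g. an SBOM), the latest-version feed
from the package registry or an advisory service, and the allowlist from the
enterprise's approved-source policy. Everything here is embedded so it runs
offline.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Component:
    """One row of the third-party component inventory (Input 1, GV47)."""
    name: str
    version: str
    source: str  # where the artifact was obtained (registry, mirror, vendor)


# Constructed inventory standing in for GV47 (hypothetical names/versions).
INVENTORY = [
    Component("acme-http", "2.31.0", "pypi"),
    Component("widget-utils", "4.17.20", "npm"),
    Component("json-mapper", "2.17.1", "maven-central"),
    Component("left-pad-fork", "1.0.0", "personal-github-fork"),
    Component("internal-auth-sdk", "3.0.0rc1", "internal-mirror"),
    Component("legacy-ui", "3.7.1", "unknown-cdn-copy"),
]

# Constructed latest-version feed. legacy-ui is deliberately absent to show
# how an unverifiable component is treated.
LATEST_VERSIONS = {
    "acme-http": "2.31.0",
    "widget-utils": "4.17.21",
    "json-mapper": "2.17.1",
    "left-pad-fork": "1.0.0",
    "internal-auth-sdk": "3.0.0",
}

# Constructed enterprise allowlist of explicitly trusted acquisition sources.
TRUSTED_SOURCES = {"pypi", "npm", "maven-central", "internal-mirror"}


def parse_version(v: str) -> tuple:
    """Turn 'MAJOR.MINOR.PATCH[suffix]' into a comparable key.

    A non-numeric suffix on any segment (3.0.0rc1) marks a pre-release, which
    sorts below the corresponding final release. Adequate for common dotted
    schemes; use packaging.version for full PEP 440 / semver handling.
    """
    nums, prerelease = [], False
    for seg in v.split("."):
        digits = ""
        for ch in seg:
            if ch.isdigit():
                digits += ch
            else:
                prerelease = True
                break
        nums.append(int(digits) if digits else 0)
    while len(nums) < 3:
        nums.append(0)
    return (tuple(nums), 0 if prerelease else 1)


def is_up_to_date(c: Component, latest: dict) -> bool:
    """Operation 1. A component with no known latest version cannot be shown
    to be current, so it is counted as not up-to-date (M3)."""
    if c.name not in latest:
        return False
    return parse_version(c.version) >= parse_version(latest[c.name])


def is_trusted(c: Component, trusted_sources: set) -> bool:
    """Operation 2: explicit trust here is a property of the acquisition source."""
    return c.source in trusted_sources


def measure(inventory, latest, trusted_sources) -> dict:
    """Compute M1..M4 and the compliance metric M4 / M1."""
    current = [c for c in inventory if is_up_to_date(c, latest)]
    stale = [c for c in inventory if not is_up_to_date(c, latest)]
    # Operation 2 runs only over the up-to-date set from Operation 1.1,
    # so M4 counts components that are both current and trusted.
    current_and_trusted = [c for c in current if is_trusted(c, trusted_sources)]
    m1 = len(inventory)
    return {
        "M1": m1,
        "M2": len(current),
        "M3": len(stale),
        "M4": len(current_and_trusted),
        "metric": (len(current_and_trusted) / m1) if m1 else 0.0,
        "not_up_to_date": sorted(c.name for c in stale),
        "up_to_date_but_untrusted": sorted(
            c.name for c in current if not is_trusted(c, trusted_sources)),
    }


if __name__ == "__main__":
    for key, value in measure(INVENTORY, LATEST_VERSIONS, TRUSTED_SOURCES).items():
        print(f"{key}: {value}")
```

On the constructed data this yields M1 = 6, M2 = 3, M3 = 3, M4 = 2 and a metric of 2/6. A useful sanity check when running this against a real inventory is that M2 + M3 equals M1; the two "leftover" lists (stale components, and current-but-untrusted components such as the personal fork) are the remediation queue the metric alone does not show.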