CSA CCM STA-10

Review supply chain agreements between CSPs and CSCs at least annually.

Mappings

Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name
(The Notes column for each mapping follows its row as Comments.)

STA-10 | Supply Chain Risk Management | mitigates | T1525 | Implant Internal Image
Comments
The mitigative applications of this control relate to (c) "documentation and testing of the specific technical controls implemented to support the product or service (e.g., identity and access management, network design and security)" and (e) "software supply chain risk management practices for ensuring software integrity, traceability, and provenance (e.g., software build practices, component management, and use of Software Bill of Materials (SBOMs))". Code signing supports this by digitally signing executables, scripts, images and other code artifacts, so that their authenticity and integrity can be verified and an implanted or modified image that lacks a valid signature can be rejected before it is deployed.

STA-10 | Supply Chain Risk Management | mitigates | T1190 | Exploit Public-Facing Application
Comments
The mitigative applications of this control relate to (c) "documentation and testing of the specific technical controls implemented to support the product or service (e.g., identity and access management, network design and security)" and (e) "software supply chain risk management practices for ensuring software integrity, traceability, and provenance (e.g., software build practices, component management, and use of Software Bill of Materials (SBOMs))". An SBOM provides an inventory of the software components in a product, which lets the CSC identify vulnerable libraries, components or code in a public-facing application and remediate them before an adversary can exploit them to inject or execute vulnerable or malicious code on those systems.

STA-10 | Supply Chain Risk Management | mitigates | T1210 | Exploitation of Remote Services
Comments
The mitigative applications of this control relate to (c) "documentation and testing of the specific technical controls implemented to support the product or service (e.g., identity and access management, network design and security)". Documenting and testing network design and security (segmentation, secure protocols, egress controls) limits an adversary's ability to use a compromised software component to reach internal services such as SMB, RDP, MySQL or web servers, and so to move laterally or exfiltrate data through them.

STA-10 | Supply Chain Risk Management | mitigates | T1176 | Software Extensions
Comments
The mitigative applications of this control relate to (e) "software supply chain risk management practices for ensuring software integrity, traceability, and provenance (e.g., software build practices, component management, and use of Software Bill of Materials (SBOMs))". An SBOM provides an inventory of software components, which lets the CSC identify vulnerable libraries, components or code in the software extensions installed on endpoints and mitigate the injection or execution of vulnerable or malicious code through those extensions.

STA-10 | Supply Chain Risk Management | mitigates | T1195.001 | Compromise Software Dependencies and Development Tools
Comments
The mitigative applications of this control relate to (e) "software supply chain risk management practices for ensuring software integrity, traceability, and provenance (e.g., software build practices, component management, and use of Software Bill of Materials (SBOMs))". An SBOM provides an inventory of software components, which lets the CSC identify vulnerable or tampered dependencies and development tools and mitigate the injection or execution of vulnerable or malicious code through them.

STA-10 | Supply Chain Risk Management | mitigates | T1195.002 | Compromise Software Supply Chain
Comments
The mitigative applications of this control relate to (e) "software supply chain risk management practices for ensuring software integrity, traceability, and provenance (e.g., software build practices, component management, and use of Software Bill of Materials (SBOMs))". An SBOM provides an inventory of software components, which lets the CSC identify vulnerable or tampered components in software delivered through the supply chain and mitigate the injection or execution of vulnerable or malicious code.

STA-10 | Supply Chain Risk Management | mitigates | T1195 | Supply Chain Compromise
Comments
The mitigative applications of this control relate to (e) "software supply chain risk management practices for ensuring software integrity, traceability, and provenance (e.g., software build practices, component management, and use of Software Bill of Materials (SBOMs))". An SBOM provides an inventory of software components, which lets the CSC identify vulnerable software libraries, components or code and mitigate the injection or execution of vulnerable or malicious code.
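The comments on T1190, T1176 and T1195 above describe what an SBOM review is meant to catch. The following is an added example, not part of the CCM, ATT&CK or this mapping page, showing one way to do that check in Python: it parses a constructed CycloneDX-style SBOM, flags components whose version falls inside a known-vulnerable range from a constructed advisory feed, and verifies that the SHA-256 the SBOM records for each component matches the artifact actually present in the build output. The hash comparison stands in for the code-signing check mentioned under T1525; a real pipeline would verify a signature over the image digest rather than a bare hash. All component names, purls, advisory identifiers and artifact contents are invented for the example.

```python
import hashlib
import hmac
import json

# Constructed build output keyed by package URL (purl): what actually shipped.
ARTIFACTS = {
    "pkg:generic/libfoo@1.2.3": b"libfoo 1.2.3 release tarball (constructed)",
    "pkg:pypi/webfw@4.0.1": b"webfw 4.0.1 wheel (constructed)",
    "pkg:generic/agent-ext@0.9.0": b"agent-ext 0.9.0 bundle (constructed)",
}


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Constructed CycloneDX 1.5-style SBOM as JSON text. The hash recorded for
# agent-ext is deliberately wrong, modelling a component that was replaced
# after the SBOM was generated.
SBOM_JSON = json.dumps({
    "bomFormat": "CycloneDX",
    "specVersion": "1.5",
    "components": [
        {"type": "library", "name": "libfoo", "version": "1.2.3",
         "purl": "pkg:generic/libfoo@1.2.3",
         "hashes": [{"alg": "SHA-256",
                     "content": sha256_hex(ARTIFACTS["pkg:generic/libfoo@1.2.3"])}]},
        {"type": "framework", "name": "webfw", "version": "4.0.1",
         "purl": "pkg:pypi/webfw@4.0.1",
         "hashes": [{"alg": "SHA-256",
                     "content": sha256_hex(ARTIFACTS["pkg:pypi/webfw@4.0.1"])}]},
        {"type": "application", "name": "agent-ext", "version": "0.9.0",
         "purl": "pkg:generic/agent-ext@0.9.0",
         "hashes": [{"alg": "SHA-256", "content": "00" * 32}]},
    ],
})

# Constructed advisory feed: purl without version -> (introduced, fixed, id).
# A version is affected when introduced <= version < fixed; fixed=None means
# no fixed release exists yet. The advisory ids are invented.
ADVISORIES = {
    "pkg:generic/libfoo": [("1.0.0", "1.2.4", "EXAMPLE-2024-0001")],
    "pkg:pypi/webfw": [("3.0.0", "4.0.0", "EXAMPLE-2024-0002")],
}


def parse_version(version: str) -> tuple:
    """Numeric dotted versions only (e.g. 1.2.3); enough for the constructed data."""
    return tuple(int(part) for part in version.split("."))


def purl_without_version(purl: str) -> str:
    return purl.split("@", 1)[0]


def affected_advisories(purl: str, version: str) -> list:
    """Return advisory ids whose affected range covers this component version."""
    current = parse_version(version)
    hits = []
    for introduced, fixed, advisory_id in ADVISORIES.get(purl_without_version(purl), []):
        if parse_version(introduced) <= current and (
                fixed is None or current < parse_version(fixed)):
            hits.append(advisory_id)
    return hits


def hash_matches_artifact(component: dict, artifacts: dict) -> bool:
    """True only if the SBOM records a SHA-256 and it equals the shipped bytes."""
    recorded = {h["alg"]: h["content"].lower() for h in component.get("hashes", [])}
    data = artifacts.get(component["purl"])
    if data is None or "SHA-256" not in recorded:
        return False  # unknown artifact or no hash to check: treat as unverified
    return hmac.compare_digest(sha256_hex(data), recorded["SHA-256"])


def review_sbom(sbom_json: str, artifacts: dict) -> list:
    """One finding per component: matching advisories and whether integrity holds."""
    sbom = json.loads(sbom_json)
    findings = []
    for component in sbom.get("components", []):
        findings.append({
            "purl": component["purl"],
            "advisories": affected_advisories(component["purl"], component["version"]),
            "hash_ok": hash_matches_artifact(component, artifacts),
        })
    return findings


def has_blocking_findings(findings: list) -> bool:
    """Release gate: any vulnerable or unverifiable component blocks shipping."""
    return any(f["advisories"] or not f["hash_ok"] for f in findings)


if __name__ == "__main__":
    results = review_sbom(SBOM_JSON, ARTIFACTS)
    for finding in results:
        integrity = "OK" if finding["hash_ok"] else "HASH MISMATCH"
        advisories = ", ".join(finding["advisories"]) or "none"
        print(f"{finding['purl']}: integrity={integrity}, advisories={advisories}")
    print("release blocked" if has_blocking_findings(results) else "release allowed")
```

Run as a script it reports libfoo as affected by the constructed advisory, webfw as clean, and agent-ext as an integrity failure, and blocks the release. The two checks are deliberately separate: a component can be fully up to date yet still not be the bytes the SBOM describes, which is the case the T1195 and T1525 mappings are concerned with, and the gate treats a missing hash the same as a mismatch rather than letting an unverifiable component through.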