9.1: Ensure Use of Only Fully Supported Browsers and Email Clients

Ensure only fully supported browsers and email clients are allowed to execute in the enterprise, only using the latest version of browsers and email clients provided through the vendor.

Asset Type: Applications

Security Function: Protect

Implementation Groups: 1, 2, 3

Dependencies

  • Safeguard 2.1: Establish and Maintain a Software Inventory

Inputs

  1. GV5: Authorized software inventory

  2. Authoritative source of information indicating supported/unsupported details by product.

Operations

  1. Use GV5 to identify and enumerate web browser and email client software (M1)

  2. Compare each software item identified in Operation 1 to Input 2
    1. Identify and enumerate software labeled as “supported” that is currently supported (M2)

    2. Identify and enumerate software labeled as “supported” that is currently unsupported (M3)

    3. Identify and enumerate software labeled as “unsupported” that is currently unsupported (M4)

    4. Identify and enumerate software labeled as “unsupported” that is currently supported (M5)

Measures

  • M1 = Count of authorized web browser and email client software

  • M2 = Count of software labeled as “supported” and currently supported

  • M3 = Count of software labeled as “supported” and currently unsupported

  • M4 = Count of software labeled as “unsupported” and currently unsupported

  • M5 = Count of software labeled as “unsupported” and currently supported

Metrics

Percentage of Unsupported Web Browser/Email Client Software in Use

Metric: The percentage of unsupported web browser and email client software in use

Calculation: (M3 + M4) / M1
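The Operations and Calculation above, carried through on a small inventory. This is an added example, not part of the specification; the record fields, product names and the `assess` function are hypothetical, and setting aside items that are missing from Input 2 as "unresolved" is an assumption the specification does not address.

```python
from collections import Counter

# Constructed sample of GV5 (authorized software inventory), already limited
# to browsers and email clients. "label" is the support status recorded in
# the inventory. Product names and versions are made up.
GV5 = [
    {"product": "ExampleBrowser", "version": "120", "label": "supported"},
    {"product": "ExampleBrowser", "version": "98", "label": "supported"},
    {"product": "LegacyBrowser", "version": "11", "label": "unsupported"},
    {"product": "ExampleMail", "version": "7", "label": "unsupported"},
    {"product": "OtherMail", "version": "3", "label": "supported"},
]

# Constructed sample of Input 2: authoritative status per (product, version).
# True means the vendor currently supports that version.
INPUT_2 = {
    ("ExampleBrowser", "120"): True,
    ("ExampleBrowser", "98"): False,
    ("LegacyBrowser", "11"): False,
    ("ExampleMail", "7"): True,
}

# (inventory label, actual status) -> measure, as in Operations 2.1 to 2.4.
MEASURE = {("supported", True): "M2", ("supported", False): "M3",
           ("unsupported", False): "M4", ("unsupported", True): "M5"}

def assess(inventory, support_source):
    """Return (measures M1..M5, metric (M3 + M4) / M1, unresolved items)."""
    counts = Counter({m: 0 for m in ("M1", "M2", "M3", "M4", "M5")})
    unresolved = []
    for item in inventory:
        counts["M1"] += 1  # Operation 1: every authorized browser/email client
        actual = support_source.get((item["product"], item["version"]))
        if actual is None:
            unresolved.append(item)  # assumption: no Input 2 entry, review by hand
            continue
        counts[MEASURE[(item["label"], actual)]] += 1
    m1 = counts["M1"]
    metric = (counts["M3"] + counts["M4"]) / m1 if m1 else None  # empty inventory
    return dict(counts), metric, unresolved

if __name__ == "__main__":
    measures, metric, unresolved = assess(GV5, INPUT_2)
    print(measures, f"unsupported in use: {metric:.0%}")
    for item in unresolved:
        print("no support data:", item["product"], item["version"])
```

Unresolved items still count toward M1, so a non-empty unresolved list means M2 through M5 do not sum to M1 and the metric may understate unsupported software.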

Rate of False Positives

Rate of False Negatives