NIST CSF 2.0
Unauthorized Software Installation and Execution
PR.PS-05: Installation and execution of unauthorized software are prevented
Ex1: When risk warrants it, restrict software execution to permitted products only or deny the execution of prohibited and unauthorized software
Ex2: Verify the source of new software and the software’s integrity before installing it
Ex3: Configure platforms to use only approved DNS services that block access to known malicious domains
Ex4: Configure platforms to allow the installation of organization-approved software only