How to fill the requirement

ISO 27001 (2013): Full

12.6.2: Restrictions on software installation

Task name: Personnel guidelines for safe usage of mobile devices
Theme: Remote work and mobile devices
Policy: Mobile device management
Other requirements: 20 requirements

This task also fulfills these other security requirements:

  • 11.2.6: Security of equipment and assets off-premises (ISO27 Full)
  • 6.2.1: Mobile device policy (ISO27 Full)
  • 10.1.1: Policy on the use of cryptographic controls (ISO27 Full)
  • 11.2.8: Unattended user equipment (ISO27 Full)
  • 12.6.2: Restrictions on software installation (ISO27 Full)

1. Task description

Staff are given separate instructions for using mobile devices. The instructions cover:

  • restrictions on installing software and using various services on the organization's devices
  • procedures for the registration of new devices
  • requirements for physical protection of equipment and installation of updates
  • access control requirements
  • protecting the organization's data with encryption, malware protection, and backup
  • the ability of the organization to remotely control the device

Task name: Authorized users and rules for installing software and libraries
Theme: Development and cloud
Policy: Technical vulnerability management
Other requirements: 13 requirements

This task also fulfills these other security requirements:

  • 12.6.2: Restrictions on software installation (ISO27 Full)
  • SUM-02: Keeping licensed software up to date (Cyber Essentials)
  • DE.CM-5: Unauthorized mobile code detection (NIST)
  • TEK-17: Change management procedures (Julkri)
  • 8.19: Installation of software on operational systems (ISO27k1 Full)

1. Task description

Unmanaged installations of software on computers can lead to vulnerabilities and security breaches.

The organization should determine what types of software or updates each user can install. The instructions may include, for example, the following guidelines:

  • only specially designated persons may install new software on the devices
  • programs previously designated as secure may be installed by anyone
  • the use of certain software may be blocked for everyone
  • updates and security patches for existing software may be installed by anyone