Essential Cybersecurity Controls (ECC – 2 : 2024) - Web Application Security; Documentation and Requirements - Lake Ridge

Compliance Solutions

NIST SP 800-171 & CMMC Compliance

Become compliant, provide compliance services, or verify partner compliance with NIST SP 800-171 and CMMC requirements.
Learn More

HIPAA Compliance

Become compliant, provide compliance services, or verify partner compliance with HIPAA security rule requirements.
Learn More

FAR 52.204-21 Compliance

Become compliant, provide compliance services, or verify partner compliance with FAR 52.204-21 Basic Safeguarding of Covered Contractor Information Systems requirements.
Learn More

ISO 27001 Compliance

Become compliant, provide compliance services, or verify partner compliance with ISO 27001 requirements.
Learn More
About
Contact

Login

Essential Cybersecurity Controls (ECC – 2 : 2024) - 2-15-1

Cybersecurity Requirements For External Web Applications Must Be Defined, Documented And Approved.

View Requirement

Essential Cybersecurity Controls (ECC – 2 : 2024) - 2-15-2

The Cybersecurity Requirements For External Web Applications Must Be Implemented.

View Requirement

Essential Cybersecurity Controls (ECC – 2 : 2024) - 2-15-3

The cybersecurity requirements for external web applications must include at least the following:

Use of web application firewall.
Adoption of the multi-tier architecture principle.
Use of secure protocols (e.g., HTTPS).
Clarification of the secure usage policy for users.
User authentication based on defined number and factors of authentication, as a result of impact assessment of authentication failure and bypass for users' access.

View Requirement

Essential Cybersecurity Controls (ECC – 2 : 2024) - 2-15-4

The Cybersecurity Requirements For External Web Applications Must Be Reviewed Periodically

View Requirement