IAC-27
Reference Monitor
Description
Mechanisms exist to implement a reference monitor that is tamperproof, always-invoked, small enough to be subject to analysis / testing and the completeness of which can be assured.
Control Question
Does the organization implement a reference monitor that is tamperproof, always-invoked, small enough to be subject to analysis / testing and the completeness of which can be assured?
Control Metadata
Domain: Identification & Authentication
Validation Cadence: Annual
