Qatar 2022 Cybersecurity Framework Application Security

by Ryan Seguin
January 26, 2021

Massive events such as the FIFA 2022 World Cup™ present a significant attack surface and a target-rich environment for the criminally motivated. The State of Qatar is taking this seriously, setting cybersecurity and privacy at the top of the FIFA 2022 World Cup™ event agenda and requiring entities to adopt and implement the Qatar 2022 Cybersecurity Framework and to elevate application security in preparation for the World Cup.

The Cybersecurity Framework's Capability Description – Application Security section (Chapter 4) focuses on reducing risk within applications, thereby decreasing the likelihood of successful exploitation. Program Managers require a detailed view of application risk and any potentially exploitable assets. Tenable.sc provides vulnerability and configuration assessment information that allows entities to mitigate identified risks and to meet standards, guidelines, and policies.

Modeled on the Cybersecurity Governance Capability within the framework, this dashboard is organized to highlight current application risk and potential exploitability. Managers need to know their current application risk, the exploitability of their applications, and compliance with security standards during development. The data presented gives managers comprehensive vulnerability data and identifies the areas that need attention to prevent attack.

The Application Security capability outlines the process by which an entity can monitor its application risk to prevent a potential breach. The left column of this dashboard displays the current state of an entity's applications, outlining those that may be unsupported or misconfigured. If applications are no longer supported, managers should prioritize removing them or upgrading them to versions that receive active security support.

The right column assists managers by offering vulnerability counts for application families, which allows for greater insight into areas of potential exploitability and criticality determined by Tenable’s VPR. The VPR score is an output of Predictive Prioritization, which allows entities to focus on items that help drive key performance indicators, by combining research insights, threat intelligence, and vulnerability rating to reduce noise. In addition, the right column contains vulnerability data related to the OWASP Top 10: a list of the top 10 most critical web application risks. Remediating vulnerabilities related to the OWASP Top 10 greatly reduces the likelihood of external attacks, which is a key requirement of the Qatar 2022 CSF.

The Qatar 2022 CSF clearly outlines the compliance and risk management requirements to ensure a secure environment for the 2022 World Cup. The tools within this dashboard give managers the information they need to make confident decisions about the enterprise that they direct. Armed with proper knowledge and tools, entities ensure that their organization's needs are fully met.

This dashboard is available in the Tenable.sc Feed, a comprehensive collection of dashboards, reports, Assurance Report Cards, and assets. The dashboard can be easily located in the Tenable.sc Feed under the category Compliance & Configuration Assessments. The dashboard requirements are:

•    Tenable.sc 5.15.0

•    Nessus 8.11.1

Tenable.sc Continuous View (CV) is the market-defining On-Prem Cyber Exposure Platform. Tenable.sc CV provides the ability to continuously assess an organization's adherence to best practice configuration baselines. Tenable.sc provides customers with a complete Cyber Exposure platform for carrying out effective cybersecurity practices.

Components

  • Unsupported Product Summary - Software by Severity - This pie chart shows the unsupported applications and operating systems found in the environment, grouped by severity.
  • Desktop Applications Summary - Desktop Applications Trend Last 90 Days - This trend line chart depicts the detection of vulnerabilities related to specific vendors of desktop applications over the last 90 days.
  • Nessus Scan Summary - Web App Tests - This component provides information on the web application test settings enabled and the number of systems where web app tests were performed.
  • NIA - Software Security [SS] - This matrix provides indicators for failed audit checks which are controls of the NIA Software Security [SS] domain. The policy in this domain defines the importance of including security in the process of software development and acquisition, rather than adding it as an add-on.
  • Unsupported Product Summary - Applications - This table displays unsupported applications by name, sorted by severity.
  • Desktop Applications Summary - Desktop Applications Vulnerability Summary - This matrix displays information about the systems and vulnerabilities detected on the network, listed by desktop applications vendor.
  • OWASP Top 10 - Top 10 Indicators - This component collects the vulnerabilities from the CGI Abuses, CGI Abuses : XSS, and Web Servers plugin families for both active and passive vulnerabilities.