-
ThreatLocker and the CISA Zero Trust Maturity Model Version 2.0
Introduction: CISA’s newly released Zero Trust Maturity Model (ZTMM) is composed of 5 pillars. Each pillar has 4 maturity levels. Maturity in each pillar can progress independently of the other pillars. To fully support functions across the 5 pillars, the ZTMM outlines 3 cross-cutting capabilities: Visibility and Analytics, Automation and Orchestration, and Governance. These cross-cutting capabilities can be matured with respect to a specific pillar and can be matured independently of the pillars.
-
ThreatLocker & NIST 800-171 Rev. 2
NIST SP 800-171 Rev. 2 addresses the protection of Controlled Unclassified Information (CUI) in nonfederal systems and organizations. For more information on NIST 800-171 R2, please see: https://csrc.nist.gov/publications/detail/sp/800-171/rev-2/final When configured correctly, ThreatLocker can assist your organization when you are working towards becoming NIST 800-171 Rev. 2 compliant. ThreatLocker can be used to meet certain security requirements and can assist in meeting other requirements.
3.1 Access Control Basic Security Requirements
-
ThreatLocker as an Essential Eight Maturity Model Mitigation Strategy
Use Case: The purpose of the information below is to help the reader understand how ThreatLocker can support Essential Eight Maturity Model mitigation strategies. For each level 1-3, we have outlined if and how we can help support that strategy. We have made our best effort to define which products support each sub-section. In the cases where sub-sections are missing, we do not support that sub-section. Disclaimer: We make no claim on the end-user.
-
ThreatLocker and PCI-DSS v4 Compliance
PCI-DSS compliance is a set of standards used to secure credit and debit card transactions against fraud or theft. Businesses that store, process, or transmit credit cardholder data must adhere to the PCI-DSS compliance framework. When properly configured, ThreatLocker can assist organizations in fulfilling PCI-DSS compliance requirements. We have done our best to outline the requirements of PCI-DSS that ThreatLocker supports. Where a requirement is not listed, ThreatLocker doesn’t currently support it.
-
ThreatLocker as an ISO 27001 Annex A Control
Annex A.6 - Organization of Information Security
6.1.2 Segregation of Duties: ThreatLocker can help create a least-privileged environment using Application Allowlisting by restricting what applications can run, who can use them, and when. Ringfencing can restrict the function of applications down to only what is necessary for business. Storage Control can allow you to block access to folders and files and only permit access to specific applications that need to access those areas.
-
ThreatLocker as a CMMC Compliance Control
ThreatLocker's tools can assist your organization when you are working towards becoming CMMC compliant. ThreatLocker can be used as the control for specific practices, and assist in meeting other practices either by providing tools that can be used to help other applications meet the compliance level practice or by the ThreatLocker product itself meeting the practice.
Access Control (AC) Domain C001 - Establish system access requirements Level 1 - "
-
ThreatLocker and ITAR Compliance
While there is no formal ITAR certification, ThreatLocker is committed to supporting our customers that need to maintain ITAR compliance. In addition to providing a US-based Support Team that is available 24/7/365, ThreatLocker enables users to specify organizations that need to remain ITAR compliant, ensuring that ThreatLocker employees who are not US citizens do not access their data. Navigate to the 'Organizations' page. Select the 'Edit' button next to any organization that needs to remain ITAR compliant.
-
ThreatLocker and GLBA Compliance
Introduction: ThreatLocker's tools can assist your organization in becoming compliant with the United States Federal Trade Commission’s (FTC) Gramm-Leach-Bliley Act (GLBA) Safeguards Rule. When configured correctly, ThreatLocker can be used to meet specific requirements and can provide tools to support meeting other requirements.
Summary: The standards outlined in the first publication of the GLBA Safeguards Rule include broad and non-prescriptive security requirements that financial institutions must meet to become compliant with the law.
-
ThreatLocker & PIPEDA Compliance
Introduction: ThreatLocker's tools can assist your organization when you are working towards becoming PIPEDA (Personal Information Protection and Electronic Documents Act) compliant. ThreatLocker can be used to satisfy specific Principles and can assist in meeting other Principles by providing supporting tools and information.
Summary: PIPEDA’s 10 fair information principles form the ground rules for the collection, use and disclosure of personal information, as well as for providing access to personal information.
-
ThreatLocker and The Center for Internet Security's (CIS) Critical Security Controls Version 8
Use Case: The purpose of the information below is to help the reader understand how ThreatLocker can support CIS-CSC Compliance. For each section 1-18, we have outlined if and how we can support that control. We have made our best effort to define which products support each sub-section. In the cases where sub-sections are missing, we do not support that sub-section. Disclaimer: We make no claim on the end-user.
-
ThreatLocker and Cyber Essentials Compliance
Introduction: The Cyber Essentials is a list of baseline technical controls authored by the UK Government to assist any organisation in improving its cyber defense posture. The two certifications that can be achieved are Cyber Essentials and Cyber Essentials Plus. For Cyber Essentials, organisations need to submit a self-assessment questionnaire. To obtain Cyber Essentials Plus, the organisation must be audited by a certification body. For both certifications, the same requirements must be achieved.
-
ThreatLocker and NIST 800-53 r4 | Control CM-7 Least Functionality | Control Enhancement (5)
When correctly configured, ThreatLocker can help organizations achieve NIST 800-53 r4 compliance. We have made our best effort to outline the way the ThreatLocker endpoint security platform can support an organization's efforts to meet the following control:
Control CM-7 LEAST FUNCTIONALITY, Control Enhancement (5) LEAST FUNCTIONALITY | AUTHORIZED SOFTWARE/WHITELISTING
a. Identifies [Assignment: organization-defined software programs authorized to execute on the information system];
ThreatLocker automatically learns all software installed and running in your environment (minus a few non-standard program locations such as the Documents and Downloads folders) when you deploy the agent.
-
ThreatLocker and TISAX Compliance
TISAX (Trusted Information Security Assessment Exchange) is a security standard based on ISO/IEC 27001, created by the German Association of the Automotive Industry. Although TISAX is not currently recognized as an official international standard, it is considered best practice in the European and global automotive industry. For more information about TISAX, please visit: Welcome to TISAX · ENX Portal. When configured correctly, the ThreatLocker endpoint security platform can assist your organization in achieving TISAX compliance.
-
ThreatLocker and NIST SP 800-172
NIST SP 800-172 serves as a supplement to NIST SP 800-171 R2. It includes enhanced security requirements to protect Controlled Unclassified Information (CUI) in nonfederal systems and organizations. Organizations are not expected to apply all of these requirements. Specific needs will be based on the mission and business needs of federal agencies. For more information on NIST SP 800-172, please visit: https://csrc.nist.gov/publications/detail/sp/800-172/final When configured correctly, ThreatLocker can assist your organization in meeting the requirements outlined below.
-
ThreatLocker and CMMC 2.0
ThreatLocker's tools can assist your organization when working towards becoming CMMC 2.0 compliant. ThreatLocker can be used as the control for specific practices and assist in meeting other practices either by providing tools that can be used to help other applications meet the compliance level practice or by the ThreatLocker product itself meeting the practice. For more information on CMMC compliance, visit: CMMC Documentation (defense.gov)
Access Control (AC) Domain Level 1 AC Practices AC.
-
ThreatLocker and the MITRE ATT&CK Matrix
Introduction: The MITRE ATT&CK® Matrix for Enterprise is a collection of known cyberattack techniques based on real-world observations. It is broken down into 14 separate tactics. Each of the 14 tactics is further broken down into specific techniques that have been used to achieve that tactic. MITRE then lists mitigations for each technique unless no mitigations currently exist. When properly configured, the ThreatLocker® Endpoint Security Platform can be used to assist in mitigating many of the techniques.
-
ThreatLocker and the FTC Safeguards Rule
The FTC Safeguards Rule was created to lay out specific safeguards that covered entities must put into place to protect consumer information. Covered entities include all financial institutions within the FTC’s jurisdiction that aren’t subject to another enforcement authority. This includes mortgage lenders, credit counselors, car dealers, tax preparation firms, and more. For these covered entities, by June 2023, they must implement the Safeguards Rule.
Title 16, Chapter 1, Subchapter C, Part 314, §314.
-
ThreatLocker and the NIS 2 Directive
Introduction: In December 2022, Directive (EU) 2022/2555 (NIS 2) was published in the Official Journal of the European Union. Article 21 of the NIS 2 directive outlines Cybersecurity risk-management measures that essential and important entities must implement. For more information about NIS 2, please visit: https://www.enisa.europa.eu/topics/cybersecurity-policy/nis-directive-new. When configured correctly, ThreatLocker can assist in fulfilling the requirements of NIS 2. We have done our best to outline the areas where the ThreatLocker Endpoint Protection Platform can assist in fulfilling the requirements of NIS 2.
-
ThreatLocker and the National Data Guardian's Standards for Data Security
The National Data Guardian’s (NDG) standards for data security is a set of 10 standards that healthcare organizations in the UK are expected to follow. When implemented correctly, the ThreatLocker Endpoint Protection Platform can assist in reaching some of the standards outlined by the NDG’s standards for data security. We have made our best effort to outline the standards that ThreatLocker assists with. Where an item is not listed below, ThreatLocker does not currently assist with meeting that standard.
-
ThreatLocker Configuration Manager and NIST 800-171r2
3.1.8 - "Limit unsuccessful logon attempts." ThreatLocker Configuration Manager policies can be created to alert, isolate, lockout, or isolate and shut down endpoints if there are excessive failed logon events.
3.1.9 - "Provide privacy and security notices consistent with applicable CUI rules." Configuration Manager can be used to set a Logon Message to show users privacy and security notices on logon.
-
ThreatLocker and Motion Picture Association Content Security Best Practices
Overview: The Motion Picture Association (MPA) has developed Content Security Best Practices for the Media and Entertainment industry to establish a benchmark for minimum-security preparedness. A direct link to the MPA Content Security Best Practices can be found here. When properly configured, ThreatLocker can assist organizations in meeting this benchmark. We have done our best to outline the best practices that ThreatLocker supports. Where a best practice is not listed, ThreatLocker doesn’t currently support it.