Below is a list of individual HITRUST control specifications, organized by their associated parent Control Category, that one or more ThreatLocker product modules or platform features may cover.
ThreatLocker® and HITRUST Control Category 01.0 - Access Control
01.c Privilege Management
ThreatLocker Elevation Control provides Just-In-Time-Administration (JITA) for individual software application executions without elevating the entire user account. Individual privileged accounts may be managed and removed through the ThreatLocker web portal.
01.j User Authentication for External Connections
Connection attempts to M365 tenants are evaluated by Cloud Control, ensuring remote authentication occurs only from trusted network addresses.
01.m Segregation in Networks
Network Control policies can be applied against an entire business organization, computer group, or individual computer, providing granular segmentation throughout any network environment's unique design.
01.n Network Connection Control
Network Control is an endpoint firewall with dynamic ACLs. Policies can be configured to explicitly allow certain ingress and egress traffic and deny the rest by default.
01.u Limitation of Connection Time
Network Control policies may be configured against an automated schedule, explicitly allowing traffic to specific ports or software applications only during certain dates and time frames. Policies may also be set to expire after a specific time frame has been reached. Network sessions opened through Network Control policies are otherwise closed automatically after five (5) minutes of inactivity.
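The three behaviours described for Network Control above (explicit allow with default deny, schedule-bound and expiring policies, and closing idle sessions after five minutes) can be modelled as a small policy evaluator. The following is an added illustration, not ThreatLocker code: the policy fields, class and function names, and the sample policies are assumptions chosen to show how those rules interact.

```python
"""Default-deny endpoint policy evaluation with schedules, expiry and idle timeout.

Added illustration, not ThreatLocker code: field names, function names and the
sample policies below are assumptions that model the behaviour described above.
"""
from dataclasses import dataclass
from datetime import datetime, time, timedelta
from typing import FrozenSet, Optional, Sequence, Tuple

IDLE_TIMEOUT = timedelta(minutes=5)  # inactivity limit stated on the page


@dataclass(frozen=True)
class AllowPolicy:
    name: str
    direction: str                              # "ingress" or "egress"
    port: int
    weekdays: FrozenSet[int] = frozenset()      # 0=Mon .. 6=Sun; empty = every day
    window: Optional[Tuple[time, time]] = None  # daily window [start, end); None = all day
    expires_at: Optional[datetime] = None       # policy no longer applies at/after this instant

    def matches(self, direction: str, port: int, at: datetime) -> bool:
        """True only if every configured condition holds at instant `at`."""
        if direction != self.direction or port != self.port:
            return False
        if self.expires_at is not None and at >= self.expires_at:
            return False
        if self.weekdays and at.weekday() not in self.weekdays:
            return False
        if self.window is not None:
            start, end = self.window
            if not (start <= at.time() < end):
                return False
        return True


def evaluate(policies: Sequence[AllowPolicy], direction: str, port: int,
             at: datetime) -> Tuple[str, Optional[str]]:
    """First matching allow policy wins; anything unmatched is denied by default."""
    for policy in policies:
        if policy.matches(direction, port, at):
            return "ALLOW", policy.name
    return "DENY", None


@dataclass
class Session:
    """A connection opened under an allow policy; closed once idle for IDLE_TIMEOUT."""
    policy_name: str
    last_activity: datetime

    def touch(self, now: datetime) -> None:
        self.last_activity = now

    def is_open(self, now: datetime) -> bool:
        return now - self.last_activity < IDLE_TIMEOUT


# Constructed sample policies (assumptions, not a real deployment):
# RDP inbound only Mon-Fri 08:00-18:00; HTTPS outbound for a backup job until end of June.
POLICIES = (
    AllowPolicy("rdp-business-hours", "ingress", 3389,
                weekdays=frozenset(range(0, 5)), window=(time(8, 0), time(18, 0))),
    AllowPolicy("backup-egress-until-q2", "egress", 443,
                expires_at=datetime(2024, 7, 1)),
)

if __name__ == "__main__":
    wed_10am = datetime(2024, 6, 12, 10, 0)
    for direction, port, at in [("ingress", 3389, wed_10am),
                                ("ingress", 3389, datetime(2024, 6, 15, 10, 0)),
                                ("egress", 443, datetime(2024, 7, 1)),
                                ("ingress", 22, wed_10am)]:
        print(direction, port, at.isoformat(), "->", evaluate(POLICIES, direction, port, at))
    s = Session("rdp-business-hours", wed_10am)
    print("open after 6 min idle:", s.is_open(wed_10am + timedelta(minutes=6)))
```

Evaluation order matters only among allow rules; because there is no "allow everything" fallback, a new service is unreachable until someone writes a policy for it, which is the property the control asks for.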
01.v Information Access Restriction
Access to software applications permitted by ThreatLocker Allowlisting can be further limited to specific user accounts and endpoint storage interfaces.
Ringfencing™ may be applied to Allowlisting policies to restrict permitted applications from laterally moving to other information resources.
Elevation Control may be applied to Allowlisting policies to manage privileged execution of permitted applications.
Storage Control policies restrict user and application access to specific data files, folders, and storage interfaces.
ThreatLocker® and HITRUST Control Category 06.0 - Compliance
06.g Compliance with Security Policies and Standards
Configuration Manager enforces local system security settings, determined by customizable policies, automatically on endpoints.
DAC displays potential compliance standard and framework violations.
06.h Technical Compliance Checking
DAC continuously evaluates and displays potential compliance standard and framework violations.
ThreatLocker® and HITRUST Control Category 09.0 - Communications and Operations Management
09.j Controls Against Malicious Code
Allowlisting prevents malware from executing on individual endpoints, denying all applications from running except where explicitly permitted.
09.aa Audit Logging
The ThreatLocker Unified Audit displays event log data generated from all enabled ThreatLocker product modules. Event data includes username, asset name, file path, the type of file operation (read, write, execute), application name, application file hash digest, certificate distinguished name, and full process path including parameters and flags.
Additional syslog or Big-IP event logs from arbitrary data sources may be optionally configured for ingestion.
All individual user events and actions initiated within the ThreatLocker web portal are saved in a separate audit log.
09.ac Protection of Log Information
All Unified Audit event logs, including those ingested from a syslog or Big-IP data source, are protected by inherent controls provided by the ThreatLocker web portal cloud-hosting provider.
09.ad Administrator and Operator Logs
All event logs displayed within the Unified Audit are filterable by user account, including those of administrator and any other user account name.
ThreatLocker® and HITRUST Control Category 10.0 - Information Systems Acquisition, Development, and Maintenance
10.h Control of Operational Software
Application installation and execution is prevented by Allowlisting policies. Privileged application installation and execution is managed by Elevation Control conditions applied to Allowlisting policies.
ThreatLocker Patch Management maintains the most updated version of most software.
10.i Protection of System Test Data
Storage Control policies restrict user and application access to specific data files, folders, and storage interfaces, including those of designated test environments.
Network Control policies enforce dynamic firewall ACLs to and from test environment network addresses.
10.l Outsourced Software Development
Allowlisting displays detailed information about applications managed by ThreatLocker. This includes the country or countries an application was developed in, or where the application’s developers operate.
10.m Control of Technical Vulnerabilities
ThreatLocker Patch Management mitigates technical vulnerabilities exposed by outdated applications by enforcing and applying automatic software updates.
ThreatLocker Detect and Cloud Detect alert against potential anomalous behavior and can be configured to apply arbitrary, automatic mitigating actions upon detection. Alerts against software vulnerabilities may be configured by targeting policies against granular system and application settings.
Configuration Manager enforces local system security settings, determined by customizable policies, automatically on endpoints.
DAC displays potential compliance standard and framework violations.
ThreatLocker® and HITRUST Control Category 11.0 - Information Security Incident Management
11.a Reporting Information Security Events
The Cyber Hero MDR maintains strict reporting guidelines, ensuring detected events and incidents are documented and reported as a component of their response process.
11.c Responsibilities and Procedures
The Cyber Hero MDR maintains updated operating procedures outlining individual team member duties towards all aspects of incident response.
11.d Learning from Information Security Incidents
The Cyber Hero MDR Threat Intelligence team documents all lessons learned from past incident responses, root cause analyses, and retrospectives. Incident response runbooks are continuously updated with new procedures, IoCs, forensic data, and other insights learned.
11.e Collection of Evidence
The Cyber Hero MDR collects Detect, Cloud Detect, and other system event log data and telemetry displayed in the Unified Audit during its incident response processes. Other forensic data and metadata are collected in collaboration with affected clients.