ThreatLocker and TISAX Compliance

9 min. read, last update: 04.11.2023

TISAX (Trusted Information Security Assessment Exchange) is a security standard based on ISO/IEC 27001, created by the German Association of the Automotive Industry. Although TISAX is not currently recognized as an official international standard, it is considered best practice in the European and global automotive industry. 

For more information about TISAX, please visit: Welcome to TISAX · ENX Portal 

When configured correctly, the ThreatLocker endpoint security platform can assist your organization in achieving TISAX compliance. ThreatLocker is not an official TISAX auditor. We have made our best efforts to outline the TISAX requirements that ThreatLocker supports. If a requirement is not listed, ThreatLocker does not currently support that requirement.   

Information Security Policies and Organization

1.6.1: To what extent are information security events processed?

  • “Procedures for ensuring traceability in case of information security events/vulnerabilities are established and documented.”

The ThreatLocker Unified Audit can assist with ensuring traceability for IS events. The Unified Audit is a central location that provides a near-real-time view of all executables, scripts, and libraries executing or attempting to execute in your environment. The logged-in user will be included in each time-stamped entry. 

Combined with Storage Control, the Unified Audit will also show information about files that have been accessed, changed, or deleted on both internal and external storage, including USBs, file shares, and the local drives where an explicit policy was created to monitor or control that folder. 

Combining the Unified Audit with Network Control will provide visibility of network activity across your environment. Entries will include the source IP address and the destination IP address. 

No Unified Audit entry can be edited or manually removed. The Unified Audit entries are automatically saved for 30 days, and this time can be extended, if desired, for an additional charge.   

Human Resources 

2.1.4: To what extent is teleworking regulated?

  • “Secure handling of and access to information (in both electronic and paper form) while considering the protection needs and the contractual requirements applying to private (e.g. home office) and public surroundings (e.g. during travels)”

ThreatLocker Storage Control can assist with ensuring secure access to electronic data. Storage Control policies can be configured to only permit access to data locations by user and/or application. Network Control can be used to protect the servers that house your data. Set Network Control policies to permit access to data servers only to specific machines that need access to them. Access policies can be very granular, providing control down to the port level, and only for specified computers. 

  • “The organization’s network is accessed via a secured connection (e.g. VPN) and strong authentication” 

ThreatLocker Network Control can assist with restricting access to your organization's network. Network Control is a centrally managed endpoint firewall that enables you to control access to network locations down to the port level. Using dynamic ACLs, ports open and close on demand only for permitted connections, so a listening service is not reachable from devices that have no policy permitting them. Because each permitted client connects directly to the server rather than through a VPN concentrator, there is no single gateway to fail or to attack. Note that Network Control controls which devices may reach which ports; it does not by itself encrypt traffic in transit or authenticate the user, so treat it as a complement to a secured connection (e.g. VPN) and strong authentication rather than a replacement for them. 

Physical Security and Business Continuity 

3.1.4: To what extent is the handling of mobile IT devices and mobile data storage devices managed? 

  • "The requirements for mobile IT devices and mobile data storage devices are determined and fulfilled. The following aspects are considered: "
    • "Encryption"
    • "Access protection (e.g. PIN, password)"

ThreatLocker can assist with meeting these requirements. Storage Control policies can require that mobile data storage be encrypted before access is permitted, so unencrypted removable media can be blocked. ThreatLocker Configuration Manager can be used to set password policies for computers and laptops. 

  • "General encryption of mobile data storage devices or the information assets stored thereon: (C, I)-- Where this is technically not feasible, information is protected by similarly effective measures."

Storage Control can protect mobile data storage, with or without enforcing encryption. 

4. Identity and Access Management 

4.1.2: To what extent is the user access to network services, IT systems and IT applications secured?

  • "The user authentication procedures are defined and implemented based on the business-related and security-relevant requirements:"
    • "Users are authenticated at least by means of strong passwords according to the state of the art."

ThreatLocker Configuration Manager can assist by providing the ability to set password age, length and complexity requirements for your endpoints, whether domain-joined or not, from the central ThreatLocker Portal. 

4.1.3: To what extent are user accounts and login information securely managed and applied?

  • “A basic user account with minimum access rights and functionalities is existent and used.”

ThreatLocker can assist with this requirement. ThreatLocker Elevation Control enables you to reduce or eliminate local administrator accounts and provide just-in-time elevation for specific applications or actions that require administrator privileges without the need to enter admin credentials. Elevation can be provided temporarily, or for applications that always need to run as an admin, Elevation can be applied to permit that application to run as an admin, automatically. 

5. IT Security/Cyber Security 

5.2.3: To what extent are IT systems protected against malware? 

  • “Technical and organizational measures for protection against malware are defined and implemented.”

ThreatLocker can assist with the requirements listed above. ThreatLocker Allowlisting provides protection against malware. Using a default deny, no applications, scripts, drivers or libraries can execute unless they are on the allow list. ThreatLocker Ringfencing can be applied to applications to prevent their ability to access your files, interact with other applications, reach the internet, or alter the registry. ThreatLocker Ops can detect, alert and respond to specific IOCs as outlined by your policies.  

  • “Unnecessary network services are disabled.”
  • “Access to network services is restricted to necessary access by means of suitable protective measures (see examples).”

ThreatLocker Network Control enables very granular port level control. Keep ports closed, and permit on-demand access to only machines that need access. Once ports are opened, they remain invisible to unauthorized devices.

  • “Received files and programs are automatically inspected for malware prior to their execution (on-access scan).”  

ThreatLocker Allowlisting blocks every file and program that is not on the allow list, so unknown code never executes; this meets the intent of an on-access check by preventing execution rather than by scanning for signatures. When a user sends a request to run something not on the allow list, use the ThreatLocker Testing Environment to install the program in a sandbox that records the installation package's observed behavior, including attempts to alter files or the registry and to access the internet. That report gives admins the information they need to decide the best course of action for their specific organization.

  • “Measures to prevent protection software from being deactivated or altered by users are defined and implemented.”

ThreatLocker Tamper Protection prohibits end users from being able to turn ThreatLocker off, or alter the settings in any way. ThreatLocker can only be turned off from the central ThreatLocker portal. 

5.2.4: To What extent are vulnerabilities identified and addressed?

  •  "Potentially affected IT systems and software are identified, assessed and any vulnerabilities are addressed."

ThreatLocker Ops can be configured to look for certain vulnerable software and other IOCs as outlined in policies created by you and alert you that the vulnerability is present. While ThreatLocker Ops does not provide the ability to fix these vulnerabilities, it can be configured to automatically quarantine a system that has a specified vulnerability. The Unified Audit results can be filtered to easily drill down to a specific event, helping you identify impacted endpoints. Unified Audit entries will show logged-in users and hostnames and will show what process created and/or started each action, supporting forensic investigations. 

  • "Risk minimizing measures are implemented as necessary." 

The entire ThreatLocker endpoint security platform assists in minimizing risk. Allowlisting only permits applications you have approved to run. Ringfencing controls what these permitted apps can do once they are running. Storage Control helps prevent unauthorized access to data. Network Control helps to lock down your network environment and only permit necessary connections. ThreatLocker Ops can alert and respond to specific events. ThreatLocker Configuration Manager permits you to set endpoint security policies across your environment from the ThreatLocker Portal, without using Active Directory. The ThreatLocker Testing Environment provides a safe sandbox in which to investigate any new script or software before permitting it in your environment.  

5.2.7: To what extent is the network of the organization managed?

  • “For network segmentation, the following aspects are considered:”
    • “Limitations for connecting IT systems to the network,”
    • “Use of security technologies,”
    • “The increased risk due to network services accessible via the internet,”
    • “Adequate separation between own networks and customer networks while considering customer requirements.”

ThreatLocker Network Control helps with the requirements above. It gives you control over the connections that are permitted in your environment, down to opening ports only for the specified permitted devices. Unauthorized devices will not even have visibility of the open ports. Create a default deny policy and all unauthorized connections are blocked whether from inside your LAN or over the internet. 

5.3.4: To what extent is information protected in shared external IT services?

  • “Effective segregation (e.g. segregation of clients) prevents access to own information by unauthorized users of other organizations.”

ThreatLocker Network Control can control access to network locations. Using a default deny policy, block all unpermitted access. Create policies to only permit the connections you want.  

  • “The provider’s segregation concept is documented and adapted to any changes. The following aspects are considered:”
    • “Separation of data, functions, applications, operating system, storage system and network,”  

Apply Ringfencing to all permitted applications to control what they can interact with. Storage Control can be used to control access to data locally, on removable media, and on external storage. Network Control can control network activity. Allowlisting can permit applications for only the users that need them. 

9. Data Protection 

9.3: To what extent is it ensured that the internal processes or workflows are carried out according to the currently valid data protection regulations and that these are regularly subjected to a quality check?

  • “Adequate protection mechanisms for reducing unauthorized access to personally identifiable data.”

ThreatLocker Storage Control can be set to protect areas that contain PII and only permit access to that PII to users that need it. ThreatLocker Network Control can be used to protect access to the servers that house PII, only permitting connections to the devices or users that need those connections. Combine both technologies to provide layered protection for this valuable data.   

Resources: 

Step on It: What to Know About TISAX Compliance (hyperproof.io) 

Welcome to TISAX · ENX Portal  
