CC6.8
Prevents or detects unauthorized or malicious software
Security · Implemented · Security (Common Criteria)
Control description
AICPA Trust Services Criteria
The entity implements controls to prevent or detect and act upon the introduction of unauthorized or malicious software to meet the entity's objectives.
Auditor test plan
How this is tested during the audit
Auditor reviews EDR coverage reports, dependency scanning output, and the SBOM-review process for production releases.
Evidence
1 item attached to this control
- PDF
edr-coverage-report-q2.pdf
sha256:0000000000000000… · 193.9 KB · 16d ago
Last reviewed
16d
Within 180-day window
Evidence on file
3
Owner
Director, Security
Accountable for design + operating effectiveness
Status timeline
Recent control history
Last reviewed by Director, Security
16d ago
Status set to implemented
46d ago
Initial control design approved
106d ago