Require Explicit Trust for Third-Party Integrations

This standard mandates requiring explicit trust for third-party integrations to ensure no external system is implicitly trusted.

1. Require Explicit Trust for Third-Party Integrations:

No external system should be implicitly trusted. This approach ensures that third-party integrations are secure and controlled.

• 1.1 API Gateways and Token-Based Authentication:
  • 1.1.1 OAuth2 and OpenID Connect Utilisation:
    • Use API gateways and token-based authentication (OAuth2, OpenID Connect).
    • Automate the configuration of API gateways.
  • 1.1.2 Authentication Management:
    • Automate the tracking of token-based authentication.
    • Implement authentication tutorials.
• 1.2 Third-Party Security Monitoring:
  • 1.2.1 Least-Privilege Access Enforcement:
    • Continuously monitor third-party security postures and enforce least-privilege access.
    • Automate the monitoring of third-party security.
  • 1.2.2 Monitoring Management:
    • Automate the tracking of third-party access permissions.
    • Implement monitoring feedback collection.
• 1.3 Contract-Based Security Validation:
  • 1.3.1 External Service Validation:
    • Implement contract-based security validation for external services.
    • Automate the validation of external service contracts.
  • 1.3.2 Validation Management:
    • Automate the tracking of contract validation results.
    • Implement validation tutorials.

By requiring explicit trust, organisations can ensure secure third-party integrations.

---