Content library
NSM ICT Security Principles (Norway)
2.8.4: Only permit organisation-approved plugins

Requirement description

Only permit organisation-approved plugins. For many organisations, necessary plugins will only be those that integrate email readers and browsers with e.g. CRM-systems and archiving systems. A plugin not needed for the organisation’s activities can represent a vulnerability and should therefore not be permitted (i.e. use allowlisting of application plugins).

How to fill the requirement

NSM ICT Security Principles (Norway)

2.8.4: Only permit organisation-approved plugins

Task name
Priority
Status
Theme
Policy
Other requirements
Whitelisting
Critical
High
Normal
Low
Fully done
Mostly done
Partly done
Not done
Technical cyber security
Malware protection
8
requirements

Examples of other requirements this task affects

MWP-05: Whitelisting
Cyber Essentials
MWP: Application allow listing
Cyber Essentials
1.2.2: Establish organisational guidelines for approved devices and software
NSM ICT-SP
1.2.4: Identify the software in use at the organisation
NSM ICT-SP
2.3.2: Configure clients so that only software known to the organisation is able to execute
NSM ICT-SP
See all related requirements and other information from tasks own page.
Go to >
Whitelisting
1. Task description

Only software approved by the organization can be run on the devices. The organization should:

  • Actively approve software before it is deployed
  • Maintain a list of approved software
  • Prevent users from installing unapproved software
  • Create a list of separately allowed extensions
  • Unauthorized extensions should be blocked
Automatic blocking and detecting of unauthorized software
Critical
High
Normal
Low
Fully done
Mostly done
Partly done
Not done
Technical cyber security
Malware protection
17
requirements

Examples of other requirements this task affects

12.2.1: Controls against malware
ISO 27001
12.2: Protection from malware
ISO 27001
DE.CM-5: Unauthorized mobile code detection
NIST
8.7: Protection against malware
ISO 27001
5.2.3: Malware protection
TISAX
See all related requirements and other information from tasks own page.
Go to >
Automatic blocking and detecting of unauthorized software
1. Task description

Our organization has defined policies in place to prevent or at least detect the use of unauthorized programs.

Tasks included in the policy

Task name
Priority
Status
Theme
Policy
Other requirements
No items found.

Never duplicate effort. Do it once - improve compliance across frameworks.

Reach multi-framework compliance in the simplest possible way
Security frameworks tend to share the same core requirements - like risk management, backup, malware, personnel awareness or access management.
Cyberday maps all frameworks’ requirements into shared tasks - one single plan that improves all frameworks’ compliance.
Do it once - we automatically apply it to all current and future frameworks.
Get to know Cyberday
Start your free trial
Cyberday is your all-in-one solution for building a secure and compliant organization. Whether you're setting up a cyber security plan, evaluating policies, implementing tasks, or generating automated reports, Cyberday simplifies the entire process.
With AI-driven insights and a user-friendly interface, it's easier than ever to stay ahead of compliance requirements and focus on continuous improvement.
Clear framework compliance plans
Activate relevant frameworks and turn them into actionable policies tailored to your needs.
Credible reports to proof your compliance
Use guided tasks to ensure secure implementations and create professional reports with just a few clicks.
AI-powered improvement suggestions
Focus on the most impactful improvements in your compliance with help from Cyberday AI.