Protect Internet-facing Technology Assets, Applications and Services (TAAS) by minimizing attack surfaces and monitoring for anomalous activity.
Organizations reduce risks associated with Internet-accessible TAAS through secure configuration, web and API security controls, content and file integrity monitoring, logging, auditing and detection of malicious activity.
Internet-facing TAAS is the attack surface that threat actors interact with first and most often. The WEB domain governs the security of web applications, APIs and other Internet-accessible services through secure configuration, web and API security controls, content and file integrity monitoring, logging, auditing and detection of malicious activity.
The SCF's principle for WEB centers on minimizing attack surface and monitoring for anomalous activity. Attack surface minimization means more than not deploying unnecessary applications; it means applying controls to every publicly accessible endpoint, including APIs that may not be documented or actively maintained. Undocumented APIs are a known attack vector precisely because they often lack the controls applied to the documented application surface.
File and content integrity monitoring is a WEB control requirement that addresses web skimming, content injection and supply chain attacks that modify client-side code. These attacks are not always detectable through traditional application security scanning because they may affect code loaded from third-party sources. WEB requires monitoring that covers the full delivered application surface, not just the code the organization wrote.