WEB
Web Security
15 controls
Ensure the security and resilience of Internet-facing technologies through secure configuration management practices and monitoring for anomalous activity.
| SCF # | Control Name | Weight |
|---|---|---|
| WEB-01 | Web Security | 8 — High |
| WEB-01.1 | Unauthorized Code | 9 — Critical |
| WEB-02 | Use of Demilitarized Zones (DMZ) | 9 — Critical |
| WEB-03 | Web Application Firewall (WAF) | 8 — High |
| WEB-04 | Client-Facing Web Services | 10 — Critical |
| WEB-05 | Cookie Management | 5 — Medium |
| WEB-06 | Strong Customer Authentication (SCA) | 8 — High |
| WEB-07 | Web Security Standard | 9 — Critical |
| WEB-08 | Web Application Framework | 9 — Critical |
| WEB-09 | Validation & Sanitization | 9 — Critical |
| WEB-10 | Secure Web Traffic | 9 — Critical |
| WEB-11 | Output Encoding | 9 — Critical |
| WEB-12 | Web Browser Security | 9 — Critical |
| WEB-13 | Website Change Detection | 8 — High |
| WEB-14 | Publicly Accessible Content Reviews | 7 — High |
The Secure Controls Framework (SCF) is maintained by the SCF Council. Use of SCF content is subject to the SCF Terms & Conditions.