ISO/IEC 27001 Control 8.19: Installation of software on operational systems

Procedures and measures should be implemented to securely manage software installation on operational systems.

MidPoint is optional for implementation of this control.

Implementation of this control without midPoint is feasible. However, midPoint provides considerable advantages for implementation of this control, making the implementation more efficient and reliable.

MidPoint provides supporting mechanisms for management of software on operational systems.

Role-based access control (RBAC) capabilities can be used to manage privileged access, including rights to install software on operational systems. Proper use of RBAC can be used to implement "least privilege" policy for operating system administration, especially for external suppliers. This can be combined with organizational structure, policy rules and information classification, e.g. allowing privileged access only to selected organizational units. Segregation of duties (SoD) mechanism can be used to avoid accumulation of super-critical access privileges to a single user. Activation mechanism can be used to provide privileged access only for limited time period. MidPoint can partially monitor usage of accounts on operating systems by its synchronization mechanism, detecting unused administration accounts, which may suggest neglected maintenance of operating systems.

MidPoint can cover only a small part of this control. While actual enforcement of access control to software installation is in scope of operating systems and privileged access management (PAM) systems, midPoint can manage the access control rules and policies.