1.3.9 Ensure an organization’s identity is confirmed with a "Verified" badge

ID

cis_sscs/identity_verified

Severity

critical

Category

source_code/contribution_access

Levels

Optional

false

Tags

security, supply-chain, vetting

Description

Confirm the domains an organization owns with a "Verified" badge.

Rationale

Verifying the organization’s domain assures developers that a given domain is truly the official home of a public organization. Attackers can pose as an organization and steal information through a fake or spoofed domain, so a "Verified" badge builds confidence and trust between developers and the open-source community.

Verification

Ensure the organization has a "Verified" badge next to its name.

Remediation

Verify the organization’s domains and secure a "Verified" badge next to its name.