Profile Applicability:
 Level 1

Description:
 The organization must complete the necessary verification processes on platform(s) hosting its repositories or services to obtain a “Verified” badge. This verification visibly confirms the organization's authenticity to users and stakeholders, helping distinguish official accounts from impersonators or fraudulent entities.

Rationale:
 Displaying a verified badge builds trust among users and collaborators by assuring them of the organization’s legitimacy. It reduces the risk of phishing, impersonation, and social engineering attacks and supports brand reputation and compliance requirements.

Impact:
 Pros:

  • Enhances trust and credibility with users and partners.

  • Helps prevent impersonation and related security risks.

  • Supports compliance with platform policies and regulations.

 Cons:

  • Verification processes may require administrative effort and documentation.

  • Not all platforms offer verification or have uniform standards.

Default value:
 Organizations without verification badges may be perceived as less trustworthy or at higher risk of impersonation.

Audit:
 Verify that the organization holds a verified badge on relevant platforms. Check records of verification status and renewal dates.

Remediation:
 Complete platform-specific verification procedures, providing required documentation. Maintain up-to-date organizational information to retain verification status. Communicate verification benefits to stakeholders.

References:

  1. GitHub Verified Organizations: https://docs.github.com/en/account-and-profile/setting-up-and-managing-your-github-profile/managing-organization-settings/about-organization-verification

  2. Twitter Verified Accounts: https://help.twitter.com/en/managing-your-account/about-twitter-verified-accounts

  3. CIS Controls v8, Control 16 - Application Software Security: https://www.cisecurity.org/controls/application-software-security/