Info |
---|
Check out the CIS Controls Navigator for more insight into CIS Controls and Mappings. https://www.cisecurity.org/controls/cis-controls-navigator |
...
Control | SubControl | IG | SubControl Description | Coverage |
---|---|---|---|---|
1 | 1 | 1 | Establish and Maintain Detailed Enterprise Asset Inventory | Facilitates |
1 | 2 | 1 | Address Unauthorized Assets | Facilitates |
1 | 3 | 2 | Utilize an Active Discovery Tool | Partial |
1 | 4 | 2 | Use DHCP Logging to Update Asset Inventory | |
1 | 5 | 3 | Use a Passive Asset Discovery Tool | |
2 | 1 | 1 | Establish and Maintain a Software Inventory | Facilitates |
2 | 2 | 1 | Ensure Authorized Software is Currently Supported | Facilitates |
2 | 3 | 1 | Address Unauthorized Software | Facilitates |
2 | 4 | 2 | Utilize Automated Software Inventory Tools | Partial |
2 | 5 | 2 | Allowlist Authorized Software | Facilitates |
2 | 6 | 2 | Allowlist Authorized Libraries | |
2 | 7 | 3 | Allowlist Authorized Scripts | |
3 | 1 | 1 | Establish and Maintain a Data Management Process | |
3 | 2 | 1 | Establish and Maintain a Data Inventory | Facilitates |
3 | 3 | 1 | Configure Data Access Control Lists | |
3 | 4 | 1 | Enforce Data Retention | |
3 | 5 | 1 | Securely Dispose of Data | |
3 | 6 | 1 | Encrypt Data on End-User Devices | |
3 | 7 | 2 | Establish and Maintain a Data Classification Scheme | |
3 | 8 | 2 | Document Data Flows | |
3 | 9 | 2 | Encrypt Data on Removable Media | |
3 | 10 | 2 | Encrypt Sensitive Data In Transit | |
3 | 11 | 2 | Encrypt Sensitive Data at Rest | |
3 | 12 | 2 | Segment Data Processing and Storage Based on Sensitivity | |
3 | 13 | 3 | Deploy a Data Loss Prevention Solution | Facilitates |
3 | 14 | 3 | Log Sensitive Data Access | |
4 | 1 | 1 | Establish and Maintain a Secure Configuration Process | Facilitates |
4 | 2 | 1 | Establish and Maintain a Secure Configuration Process for Network Infrastructure | |
4 | 3 | 1 | Configure Automatic Session Locking on Enterprise Assets | Facilitates |
4 | 4 | 1 | Implement and Manage a Firewall on Servers | Facilitates |
4 | 5 | 1 | Implement and Manage a Firewall on End-User Devices | Facilitates |
4 | 6 | 1 | Securely Manage Enterprise Assets and Software | |
4 | 7 | 1 | Manage Default Accounts on Enterprise Assets and Software | Facilitates |
4 | 8 | 2 | Uninstall or Disable Unnecessary Services on Enterprise Assets and Software | Facilitates |
4 | 9 | 2 | Configure Trusted DNS Servers on Enterprise Assets | |
4 | 10 | 2 | Enforce Automatic Device Lockout on Portable End-User Devices | Facilitates |
4 | 11 | 2 | Enforce Remote Wipe Capability on Portable End-User Devices | |
4 | 12 | 3 | Separate Enterprise Workspaces on Mobile End-User Devices | |
5 | 1 | 1 | Establish and Maintain an Inventory of Accounts | Facilitates |
5 | 2 | 1 | Use Unique Passwords | Facilitates |
5 | 3 | 1 | Disable Dormant Accounts | Facilitates |
5 | 4 | 1 | Restrict Administrator Privileges to Dedicated Administrator Accounts | |
5 | 5 | 2 | Establish and Maintain an Inventory of Service Accounts | Facilitates |
5 | 6 | 2 | Centralize Account Management | |
6 | 1 | 1 | Establish an Access Granting Process | |
6 | 2 | 1 | Establish an Access Revoking Process | |
6 | 3 | 1 | Require MFA for Externally-Exposed Applications | |
6 | 4 | 1 | Require MFA for Remote Network Access | |
6 | 5 | 1 | Require MFA for Administrative Access | |
6 | 6 | 2 | Establish and Maintain an Inventory of Authentication and Authorization Systems | |
6 | 7 | 2 | Centralize Access Control | |
6 | 8 | 3 | Define and Maintain Role-Based Access Control | |
7 | 1 | 1 | Establish and Maintain a Vulnerability Management Process | Facilitates |
7 | 2 | 1 | Establish and Maintain a Remediation Process | Facilitates |
7 | 3 | 1 | Perform Automated Operating System Patch Management | Partial |
7 | 4 | 1 | Perform Automated Application Patch Management | Partial |
7 | 5 | 2 | Perform Automated Vulnerability Scans of Internal Enterprise Assets | Fully |
7 | 6 | 2 | Perform Automated Vulnerability Scans of Externally-Exposed Enterprise Assets | Fully |
7 | 7 | 2 | Remediate Detected Vulnerabilities | Partial |
8 | 1 | 1 | Establish and Maintain an Audit Log Management Process | |
8 | 2 | 1 | Collect Audit Logs | |
8 | 3 | 1 | Ensure Adequate Audit Log Storage | |
8 | 4 | 2 | Standardize Time Synchronization | Facilitates |
8 | 5 | 2 | Collect Detailed Audit Logs | |
8 | 6 | 2 | Collect DNS Query Audit Logs | |
8 | 7 | 2 | Collect URL Request Audit Logs | |
8 | 8 | 2 | Collect Command-Line Audit Logs | |
8 | 9 | 2 | Centralize Audit Logs | |
8 | 10 | 2 | Retain Audit Logs | |
8 | 11 | 2 | Conduct Audit Log Reviews | |
8 | 12 | 3 | Collect Service Provider Logs | |
9 | 1 | 1 | Ensure Use of Only Fully Supported Browsers and Email Clients | Facilitates |
9 | 2 | 1 | Use DNS Filtering Services | |
9 | 3 | 2 | Maintain and Enforce Network-Based URL Filters | |
9 | 4 | 2 | Restrict Unnecessary or Unauthorized Browser and Email Client Extensions | |
9 | 5 | 2 | Implement DMARC | |
9 | 6 | 2 | Block Unnecessary File Types | |
9 | 7 | 3 | Deploy and Maintain Email Server Anti-Malware Protections | |
10 | 1 | 1 | Deploy and Maintain Anti-Malware Software | |
10 | 2 | 1 | Configure Automatic Anti-Malware Signature Updates | |
10 | 3 | 1 | Disable Autorun and Autoplay for Removable Media | |
10 | 4 | 2 | Configure Automatic Anti-Malware Scanning of Removable Media | |
10 | 5 | 2 | Enable Anti-Exploitation Features | |
10 | 6 | 2 | Centrally Manage Anti-Malware Software | |
10 | 7 | 3 | Use Behavior-Based Anti-Malware Software | |
11 | 1 | 1 | Establish and Maintain a Data Recovery Process | |
11 | 2 | 1 | Perform Automated Backups | |
11 | 3 | 1 | Protect Recovery Data | |
11 | 4 | 1 | Establish and Maintain an Isolated Instance of Recovery Data | |
11 | 5 | 2 | Test Data Recovery | |
12 | 1 | 1 | Ensure Network Infrastructure is Up-to-Date | Facilitates |
12 | 2 | 2 | Establish and Maintain a Secure Network Architecture | |
12 | 3 | 2 | Securely Manage Network Infrastructure | |
12 | 4 | 2 | Establish and Maintain Architecture Diagram(s) | |
12 | 5 | 2 | Centralize Network Authentication, Authorization, and Auditing (AAA) | |
12 | 6 | 2 | Use of Secure Network Management and Communication Protocols | |
12 | 7 | 2 | Ensure Remote Devices Utilize a VPN and are Connecting to an Enterprise’s AAA Infrastructure | |
12 | 8 | 3 | Establish and Maintain Dedicated Computing Resources for All Administrative Work | |
13 | 1 | 2 | Centralize Security Event Alerting | |
13 | 2 | 2 | Deploy a Host-Based Intrusion Detection Solution | |
13 | 3 | 2 | Deploy a Network Intrusion Detection Solution | |
13 | 4 | 2 | Perform Traffic Filtering Between Network Segments | |
13 | 5 | 2 | Manage Access Control for Remote Assets | |
13 | 6 | 2 | Collect Network Traffic Flow Logs | |
13 | 7 | 3 | Deploy a Host-Based Intrusion Prevention Solution | |
13 | 8 | 3 | Deploy a Network Intrusion Prevention Solution | |
13 | 9 | 3 | Deploy Port-Level Access Control | |
13 | 10 | 3 | Perform Application Layer Filtering | |
13 | 11 | 3 | Tune Security Event Alerting Thresholds | |
14 | 1 | 1 | Establish and Maintain a Security Awareness Program | |
14 | 2 | 1 | Train Workforce Members to Recognize Social Engineering Attacks | |
14 | 3 | 1 | Train Workforce Members on Authentication Best Practices | |
14 | 4 | 1 | Train Workforce on Data Handling Best Practices | |
14 | 5 | 1 | Train Workforce Members on Causes of Unintentional Data Exposure | |
14 | 6 | 1 | Train Workforce Members on Recognizing and Reporting Security Incidents | |
14 | 7 | 1 | Train Workforce on How to Identify and Report if Their Enterprise Assets are Missing Security Updates | |
14 | 8 | 1 | Train Workforce on the Dangers of Connecting to and Transmitting Enterprise Data Over Insecure Networks | |
14 | 9 | 2 | Conduct Role-Specific Security Awareness and Skills Training | |
15 | 1 | 1 | Establish and Maintain an Inventory of Service Providers | |
15 | 2 | 2 | Establish and Maintain a Service Provider Management Policy | |
15 | 3 | 2 | Classify Service Providers | |
15 | 4 | 2 | Ensure Service Provider Contracts Include Security Requirements | |
15 | 5 | 3 | Assess Service Providers | |
15 | 6 | 3 | Monitor Service Providers | |
15 | 7 | 3 | Securely Decommission Service Providers | |
16 | 1 | 2 | Establish and Maintain a Secure Application Development Process | |
16 | 2 | 2 | Establish and Maintain a Process to Accept and Address Software Vulnerabilities | |
16 | 3 | 2 | Perform Root Cause Analysis on Security Vulnerabilities | |
16 | 4 | 2 | Establish and Manage an Inventory of Third-Party Software Components | |
16 | 5 | 2 | Use Up-to-Date and Trusted Third-Party Software Components | |
16 | 6 | 2 | Establish and Maintain a Severity Rating System and Process for Application Vulnerabilities | |
16 | 7 | 2 | Use Standard Hardening Configuration Templates for Application Infrastructure | |
16 | 8 | 2 | Separate Production and Non-Production Systems | |
16 | 9 | 2 | Train Developers in Application Security Concepts and Secure Coding | |
16 | 10 | 2 | Apply Secure Design Principles in Application Architectures | |
16 | 11 | 2 | Leverage Vetted Modules or Services for Application Security Components | |
16 | 12 | 3 | Implement Code-Level Security Checks | |
16 | 13 | 3 | Conduct Application Penetration Testing | |
16 | 14 | 3 | Conduct Threat Modeling | |
17 | 1 | 1 | Designate Personnel to Manage Incident Handling | |
17 | 2 | 1 | Establish and Maintain Contact Information for Reporting Security Incidents | |
17 | 3 | 1 | Establish and Maintain an Enterprise Process for Reporting Incidents | |
17 | 4 | 2 | Establish and Maintain an Incident Response Process | |
17 | 5 | 2 | Assign Key Roles and Responsibilities | |
17 | 6 | 2 | Define Mechanisms for Communicating During Incident Response | |
17 | 7 | 2 | Conduct Routine Incident Response Exercises | |
17 | 8 | 2 | Conduct Post-Incident Reviews | |
17 | 9 | 3 | Establish and Maintain Security Incident Thresholds | |
18 | 1 | 2 | Establish and Maintain a Penetration Testing Program | |
18 | 2 | 2 | Perform Periodic External Penetration Tests | |
18 | 3 | 2 | Remediate Penetration Test Findings | |
18 | 4 | 3 | Validate Security Measures | |
18 | 5 | 3 | Perform Periodic Internal Penetration Tests | |
...