CIS Control Mappings Info
Check out the CIS Controls Navigator for more insight into CIS Controls and Mappings.
https://www.cisecurity.org/controls/cis-controls-navigator
We have the Excel version of the ConnectSecure CIS Control mapping file for download here:
| Control | SubControl | IG | SubControl Description | Coverage |
|---|---|---|---|---|
| 1 | 1 | 1 | Establish and Maintain Detailed Enterprise Asset Inventory | Facilitates |
| 1 | 2 | 1 | Address Unauthorized Assets | Facilitates |
| 1 | 3 | 2 | Utilize an Active Discovery Tool | Partial |
| 1 | 4 | 2 | Use DHCP Logging to Update Asset Inventory | |
| 1 | 5 | 3 | Use a Passive Asset Discovery Tool | |
| 2 | 1 | 1 | Establish and Maintain a Software Inventory | Facilitates |
| 2 | 2 | 1 | Ensure Authorized Software is Currently Supported | Facilitates |
| 2 | 3 | 1 | Address Unauthorized Software | Facilitates |
| 2 | 4 | 2 | Utilize Automated Software Inventory Tools | Partial |
| 2 | 5 | 2 | Allowlist Authorized Software | Facilitates |
| 2 | 6 | 2 | Allowlist Authorized Libraries | |
| 2 | 7 | 3 | Allowlist Authorized Scripts | |
| 3 | 1 | 1 | Establish and Maintain a Data Management Process | |
| 3 | 2 | 1 | Establish and Maintain a Data Inventory | Facilitates |
| 3 | 3 | 1 | Configure Data Access Control Lists | |
| 3 | 4 | 1 | Enforce Data Retention | |
| 3 | 5 | 1 | Securely Dispose of Data | |
| 3 | 6 | 1 | Encrypt Data on End-User Devices | |
| 3 | 7 | 2 | Establish and Maintain a Data Classification Scheme | |
| 3 | 8 | 2 | Document Data Flows | |
| 3 | 9 | 2 | Encrypt Data on Removable Media | |
| 3 | 10 | 2 | Encrypt Sensitive Data in Transit | |
| 3 | 11 | 2 | Encrypt Sensitive Data at Rest | |
| 3 | 12 | 2 | Segment Data Processing and Storage Based on Sensitivity | |
| 3 | 13 | 3 | Deploy a Data Loss Prevention Solution | Facilitates |
| 3 | 14 | 3 | Log Sensitive Data Access | |
| 4 | 1 | 1 | Establish and Maintain a Secure Configuration Process | Facilitates |
| 4 | 2 | 1 | Establish and Maintain a Secure Configuration Process for Network Infrastructure | |
| 4 | 3 | 1 | Configure Automatic Session Locking on Enterprise Assets | Facilitates |
| 4 | 4 | 1 | Implement and Manage a Firewall on Servers | Facilitates |
| 4 | 5 | 1 | Implement and Manage a Firewall on End-User Devices | Facilitates |
| 4 | 6 | 1 | Securely Manage Enterprise Assets and Software | |
| 4 | 7 | 1 | Manage Default Accounts on Enterprise Assets and Software | Facilitates |
| 4 | 8 | 2 | Uninstall or Disable Unnecessary Services on Enterprise Assets and Software | Facilitates |
| 4 | 9 | 2 | Configure Trusted DNS Servers on Enterprise Assets | |
| 4 | 10 | 2 | Enforce Automatic Device Lockout on Portable End-User Devices | Facilitates |
| 4 | 11 | 2 | Enforce Remote Wipe Capability on Portable End-User Devices | |
| 4 | 12 | 3 | Separate Enterprise Workspaces on Mobile End-User Devices | |
| 5 | 1 | 1 | Establish and Maintain an Inventory of Accounts | Facilitates |
| 5 | 2 | 1 | Use Unique Passwords | Facilitates |
| 5 | 3 | 1 | Disable Dormant Accounts | Facilitates |
| 5 | 4 | 1 | Restrict Administrator Privileges to Dedicated Administrator Accounts | |
| 5 | 5 | 2 | Establish and Maintain an Inventory of Service Accounts | Facilitates |
| 5 | 6 | 2 | Centralize Account Management | |
| 6 | 1 | 1 | Establish an Access Granting Process | |
| 6 | 2 | 1 | Establish an Access Revoking Process | |
| 6 | 3 | 1 | Require MFA for Externally-Exposed Applications | |
| 6 | 4 | 1 | Require MFA for Remote Network Access | |
| 6 | 5 | 1 | Require MFA for Administrative Access | |
| 6 | 6 | 2 | Establish and Maintain an Inventory of Authentication and Authorization Systems | |
| 6 | 7 | 2 | Centralize Access Control | |
| 6 | 8 | 3 | Define and Maintain Role-Based Access Control | |
| 7 | 1 | 1 | Establish and Maintain a Vulnerability Management Process | Facilitates |
| 7 | 2 | 1 | Establish and Maintain a Remediation Process | Facilitates |
| 7 | 3 | 1 | Perform Automated Operating System Patch Management | Partial |
| 7 | 4 | 1 | Perform Automated Application Patch Management | Partial |
| 7 | 5 | 2 | Perform Automated Vulnerability Scans of Internal Enterprise Assets | Fully |
| 7 | 6 | 2 | Perform Automated Vulnerability Scans of Externally-Exposed Enterprise Assets | Fully |
| 7 | 7 | 2 | Remediate Detected Vulnerabilities | Partial |
| 8 | 1 | 1 | Establish and Maintain an Audit Log Management Process | |
| 8 | 2 | 1 | Collect Audit Logs | |
| 8 | 3 | 1 | Ensure Adequate Audit Log Storage | |
| 8 | 4 | 2 | Standardize Time Synchronization | Facilitates |
| 8 | 5 | 2 | Collect Detailed Audit Logs | |
| 8 | 6 | 2 | Collect DNS Query Audit Logs | |
| 8 | 7 | 2 | Collect URL Request Audit Logs | |
| 8 | 8 | 2 | Collect Command-Line Audit Logs | |
| 8 | 9 | 2 | Centralize Audit Logs | |
| 8 | 10 | 2 | Retain Audit Logs | |
| 8 | 11 | 2 | Conduct Audit Log Reviews | |
| 8 | 12 | 3 | Collect Service Provider Logs | |
| 9 | 1 | 1 | Ensure Use of Only Fully Supported Browsers and Email Clients | Facilitates |
| 9 | 2 | 1 | Use DNS Filtering Services | |
| 9 | 3 | 2 | Maintain and Enforce Network-Based URL Filters | |
| 9 | 4 | 2 | Restrict Unnecessary or Unauthorized Browser and Email Client Extensions | |
| 9 | 5 | 2 | Implement DMARC | |
| 9 | 6 | 2 | Block Unnecessary File Types | |
| 9 | 7 | 3 | Deploy and Maintain Email Server Anti-Malware Protections | |
| 10 | 1 | 1 | Deploy and Maintain Anti-Malware Software | |
| 10 | 2 | 1 | Configure Automatic Anti-Malware Signature Updates | |
| 10 | 3 | 1 | Disable Autorun and Autoplay for Removable Media | |
| 10 | 4 | 2 | Configure Automatic Anti-Malware Scanning of Removable Media | |
| 10 | 5 | 2 | Enable Anti-Exploitation Features | |
| 10 | 6 | 2 | Centrally Manage Anti-Malware Software | |
| 10 | 7 | 3 | Use Behavior-Based Anti-Malware Software | |
| 11 | 1 | 1 | Establish and Maintain a Data Recovery Process | |
| 11 | 2 | 1 | Perform Automated Backups | |
| 11 | 3 | 1 | Protect Recovery Data | |
| 11 | 4 | 1 | Establish and Maintain an Isolated Instance of Recovery Data | |
| 11 | 5 | 2 | Test Data Recovery | |
| 12 | 1 | 1 | Ensure Network Infrastructure is Up-to-Date | Facilitates |
| 12 | 2 | 2 | Establish and Maintain a Secure Network Architecture | |
| 12 | 3 | 2 | Securely Manage Network Infrastructure | |
| 12 | 4 | 2 | Establish and Maintain Architecture Diagram(s) | |
| 12 | 5 | 2 | Centralize Network Authentication, Authorization, and Auditing (AAA) | |
| 12 | 6 | 2 | Use of Secure Network Management and Communication Protocols | |
| 12 | 7 | 2 | Ensure Remote Devices Utilize a VPN and are Connecting to an Enterprise's AAA Infrastructure | |
| 12 | 8 | 3 | Establish and Maintain Dedicated Computing Resources for All Administrative Work | |
| 13 | 1 | 2 | Centralize Security Event Alerting | |
| 13 | 2 | 2 | Deploy a Host-Based Intrusion Detection Solution | |
| 13 | 3 | 2 | Deploy a Network Intrusion Detection Solution | |
| 13 | 4 | 2 | Perform Traffic Filtering Between Network Segments | |
| 13 | 5 | 2 | Manage Access Control for Remote Assets | |
| 13 | 6 | 2 | Collect Network Traffic Flow Logs | |
| 13 | 7 | 3 | Deploy a Host-Based Intrusion Prevention Solution | |
| 13 | 8 | 3 | Deploy a Network Intrusion Prevention Solution | |
| 13 | 9 | 3 | Deploy Port-Level Access Control | |
| 13 | 10 | 3 | Perform Application Layer Filtering | |
| 13 | 11 | 3 | Tune Security Event Alerting Thresholds | |
| 14 | 1 | 1 | Establish and Maintain a Security Awareness Program | |
| 14 | 2 | 1 | Train Workforce Members to Recognize Social Engineering Attacks | |
| 14 | 3 | 1 | Train Workforce Members on Authentication Best Practices | |
| 14 | 4 | 1 | Train Workforce on Data Handling Best Practices | |
| 14 | 5 | 1 | Train Workforce Members on Causes of Unintentional Data Exposure | |
| 14 | 6 | 1 | Train Workforce Members on Recognizing and Reporting Security Incidents | |
| 14 | 7 | 1 | Train Workforce on How to Identify and Report if Their Enterprise Assets are Missing Security Updates | |
| 14 | 8 | 1 | Train Workforce on the Dangers of Connecting to and Transmitting Enterprise Data Over Insecure Networks | |
| 14 | 9 | 2 | Conduct Role-Specific Security Awareness and Skills Training | |
| 15 | 1 | 1 | Establish and Maintain an Inventory of Service Providers | |
| 15 | 2 | 2 | Establish and Maintain a Service Provider Management Policy | |
| 15 | 3 | 2 | Classify Service Providers | |
| 15 | 4 | 2 | Ensure Service Provider Contracts Include Security Requirements | |
| 15 | 5 | 3 | Assess Service Providers | |
| 15 | 6 | 3 | Monitor Service Providers | |
| 15 | 7 | 3 | Securely Decommission Service Providers | |
| 16 | 1 | 2 | Establish and Maintain a Secure Application Development Process | |
| 16 | 2 | 2 | Establish and Maintain a Process to Accept and Address Software Vulnerabilities | |
| 16 | 3 | 2 | Perform Root Cause Analysis on Security Vulnerabilities | |
| 16 | 4 | 2 | Establish and Manage an Inventory of Third-Party Software Components | |
| 16 | 5 | 2 | Use Up-to-Date and Trusted Third-Party Software Components | |
| 16 | 6 | 2 | Establish and Maintain a Severity Rating System and Process for Application Vulnerabilities | |
| 16 | 7 | 2 | Use Standard Hardening Configuration Templates for Application Infrastructure | |
| 16 | 8 | 2 | Separate Production and Non-Production Systems | |
| 16 | 9 | 2 | Train Developers in Application Security Concepts and Secure Coding | |
| 16 | 10 | 2 | Apply Secure Design Principles in Application Architectures | |
| 16 | 11 | 2 | Leverage Vetted Modules or Services for Application Security Components | |
| 16 | 12 | 3 | Implement Code-Level Security Checks | |
| 16 | 13 | 3 | Conduct Application Penetration Testing | |
| 16 | 14 | 3 | Conduct Threat Modeling | |
| 17 | 1 | 1 | Designate Personnel to Manage Incident Handling | |
| 17 | 2 | 1 | Establish and Maintain Contact Information for Reporting Security Incidents | |
| 17 | 3 | 1 | Establish and Maintain an Enterprise Process for Reporting Incidents | |
| 17 | 4 | 2 | Establish and Maintain an Incident Response Process | |
| 17 | 5 | 2 | Assign Key Roles and Responsibilities | |
| 17 | 6 | 2 | Define Mechanisms for Communicating During Incident Response | |
| 17 | 7 | 2 | Conduct Routine Incident Response Exercises | |
| 17 | 8 | 2 | Conduct Post-Incident Reviews | |
| 17 | 9 | 3 | Establish and Maintain Security Incident Thresholds | |
| 18 | 1 | 2 | Establish and Maintain a Penetration Testing Program | |
| 18 | 2 | 2 | Perform Periodic External Penetration Tests | |
| 18 | 3 | 2 | Remediate Penetration Test Findings | |
| 18 | 4 | 3 | Validate Security Measures | |
| 18 | 5 | 3 | Perform Periodic Internal Penetration Tests | |