CIS Control Mappings Info
Check out the CIS Controls Navigator for more insight into CIS Controls and Mappings.
https://www.cisecurity.org/controls/cis-controls-navigator
We have the Excel version of the ConnectSecure CIS Control mapping file for download here:
Control | SubControl | IG | SubControl Description | Coverage |
---|---|---|---|---|
1 | 1 | 1 | Establish and Maintain Detailed Enterprise Asset Inventory | Facilitates |
1 | 2 | 1 | Address Unauthorized Assets | Facilitates |
1 | 3 | 2 | Utilize an Active Discovery Tool | Partial |
1 | 4 | 2 | Use DHCP Logging to update asset inventory | |
1 | 5 | 3 | Use a Passive Asset Discovery Tool | |
2 | 1 | 1 | Establish and Maintain a Software Inventory | Facilitates |
2 | 2 | 1 | Ensure Authorized Software is Currently Supported | Facilitates |
2 | 3 | 1 | Address Unauthorized Software | Facilitates |
2 | 4 | 2 | Utilize Automated Software Inventory Tools | Partial |
2 | 5 | 2 | Allowlist Authorized Software | Facilitates |
2 | 6 | 2 | Allowlist Authorized Libraries | |
2 | 7 | 3 | Allowlist Authorized Scripts | |
3 | 1 | 1 | Establish and Maintain a Data Management Process | |
3 | 2 | 1 | Establish and Maintain a Data Inventory | Facilitates |
3 | 3 | 1 | Configure Data Access Control Lists | |
3 | 4 | 1 | Enforce Data Retention | |
3 | 5 | 1 | Securely Dispose of Data | |
3 | 6 | 1 | Encrypt Data on End-User Devices | |
3 | 7 | 2 | Establish and Maintain a Data Classification Scheme | |
3 | 8 | 2 | Document Data Flows | |
3 | 9 | 2 | Encrypt Data on Removable Media | |
3 | 10 | 2 | Encrypt Sensitive Data In Transit | |
3 | 11 | 2 | Encrypt Sensitive Data at Rest | |
3 | 12 | 2 | Segment Data Processing and Storage Based on Sensitivity | |
3 | 13 | 3 | Deploy a Data Loss Prevention Solution | Facilitates |
3 | 14 | 3 | Log Sensitive Data Access | |
4 | 1 | 1 | Establish and Maintain a Secure Configuration Process | Facilitates |
4 | 2 | 1 | Establish and Maintain a Secure Configuration Process for Network Infrastructure | |
4 | 3 | 1 | Configure Automatic Session Locking on Enterprise Assets | Facilitates |
4 | 4 | 1 | Implement and Manage a Firewall on Servers | Facilitates |
4 | 5 | 1 | Implement and Manage a Firewall on End-User Devices | Facilitates |
4 | 6 | 1 | Securely Manage Enterprise Assets and Software | |
4 | 7 | 1 | Manage Default Accounts on Enterprise Assets and Software | Facilitates |
4 | 8 | 2 | Uninstall or Disable Unnecessary Services on Enterprise Assets and Software | Facilitates |
4 | 9 | 2 | Configure Trusted DNS Servers on Enterprise Assets | |
4 | 10 | 2 | Enforce Automatic Device Lockout on Portable End-User Devices | Facilitates |
4 | 11 | 2 | Enforce Remote Wipe Capability on Portable End-User Devices | |
4 | 12 | 3 | Separate Enterprise Workspaces on Mobile End-User Devices | |
5 | 1 | 1 | Establish and Maintain an Inventory of Accounts | Facilitates |
5 | 2 | 1 | Use Unique Passwords | Facilitates |
5 | 3 | 1 | Disable Dormant Accounts | Facilitates |
5 | 4 | 1 | Restrict Administrator Privileges to Dedicated Administrator Accounts | |
5 | 5 | 2 | Establish and Maintain an Inventory of Service Accounts | Facilitates |
5 | 6 | 2 | Centralize Account Management | |
6 | 1 | 1 | Establish an Access Granting Process | |
6 | 2 | 1 | Establish an Access Revoking Process | |
6 | 3 | 1 | Require MFA for Externally-Exposed Applications | |
6 | 4 | 1 | Require MFA for Remote Network Access | |
6 | 5 | 1 | Require MFA for Administrative Access | |
6 | 6 | 2 | Establish and Maintain an Inventory of Authentication and Authorization Systems | |
6 | 7 | 2 | Centralize Access Control | |
6 | 8 | 3 | Define and Maintain Role-Based Access Control | |
7 | 1 | 1 | Establish and Maintain a Vulnerability Management Process | Facilitates |
7 | 2 | 1 | Establish and Maintain a Remediation Process | Facilitates |
7 | 3 | 1 | Perform Automated Operating System Patch Management | Partial |
7 | 4 | 1 | Perform Automated Application Patch Management | Partial |
7 | 5 | 2 | Perform Automated Vulnerability Scans of Internal Enterprise Assets | Fully |
7 | 6 | 2 | Perform Automated Vulnerability Scans of Externally-Exposed Enterprise Assets | Fully |
7 | 7 | 2 | Remediate Detected Vulnerabilities | Partial |
8 | 1 | 1 | Establish and Maintain an Audit Log Management Process | |
8 | 2 | 1 | Collect Audit Logs | |
8 | 3 | 1 | Ensure Adequate Audit Log Storage | |
8 | 4 | 2 | Standardize Time Synchronization | Facilitates |
8 | 5 | 2 | Collect Detailed Audit Logs | |
8 | 6 | 2 | Collect DNS Query Audit Logs | |
8 | 7 | 2 | Collect URL Request Audit Logs | |
8 | 8 | 2 | Collect Command-Line Audit Logs | |
8 | 9 | 2 | Centralize Audit Logs | |
8 | 10 | 2 | Retain Audit Logs | |
8 | 11 | 2 | Conduct Audit Log Reviews | |
8 | 12 | 3 | Collect Service Provider Logs | |
9 | 1 | 1 | Ensure Use of Only Fully Supported Browsers and Email Clients | Facilitates |
9 | 2 | 1 | Use DNS Filtering Services | |
9 | 3 | 2 | Maintain and Enforce Network-Based URL Filters | |
9 | 4 | 2 | Restrict Unnecessary or Unauthorized Browser and Email Client Extensions | |
9 | 5 | 2 | Implement DMARC | |
9 | 6 | 2 | Block Unnecessary File Types | |
9 | 7 | 3 | Deploy and Maintain Email Server Anti-Malware Protections | |
10 | 1 | 1 | Deploy and Maintain Anti-Malware Software | |
10 | 2 | 1 | Configure Automatic Anti-Malware Signature Updates | |
10 | 3 | 1 | Disable Autorun and Autoplay for Removable Media | |
10 | 4 | 2 | Configure Automatic Anti-Malware Scanning of Removable Media | |
10 | 5 | 2 | Enable Anti-Exploitation Features | |
10 | 6 | 2 | Centrally Manage Anti-Malware Software | |
10 | 7 | 3 | Use Behavior-Based Anti-Malware Software | |
11 | 1 | 1 | Establish and Maintain a Data Recovery Process | |
11 | 2 | 1 | Perform Automated Backups | |
11 | 3 | 1 | Protect Recovery Data | |
11 | 4 | 1 | Establish and Maintain an Isolated Instance of Recovery Data | |
11 | 5 | 2 | Test Data Recovery | |
12 | 1 | 1 | Ensure Network Infrastructure is Up-to-Date | Facilitates |
12 | 2 | 2 | Establish and Maintain a Secure Network Architecture | |
12 | 3 | 2 | Securely Manage Network Infrastructure | |
12 | 4 | 2 | Establish and Maintain Architecture Diagram(s) | |
12 | 5 | 2 | Centralize Network Authentication, Authorization, and Auditing (AAA) | |
12 | 6 | 2 | Use of Secure Network Management and Communication Protocols | |
12 | 7 | 2 | Ensure Remote Devices Utilize a VPN and are Connecting to an Enterprise's AAA Infrastructure | |
12 | 8 | 3 | Establish and Maintain Dedicated Computing Resources for All Administrative Work | |
13 | 1 | 2 | Centralize Security Event Alerting | |
13 | 2 | 2 | Deploy a Host-Based Intrusion Detection Solution | |
13 | 3 | 2 | Deploy a Network Intrusion Detection Solution | |
13 | 4 | 2 | Perform Traffic Filtering Between Network Segments | |
13 | 5 | 2 | Manage Access Control for Remote Assets | |
13 | 6 | 2 | Collect Network Traffic Flow Logs | |
13 | 7 | 3 | Deploy a Host-Based Intrusion Prevention Solution | |
13 | 8 | 3 | Deploy a Network Intrusion Prevention Solution | |
13 | 9 | 3 | Deploy Port-Level Access Control | |
13 | 10 | 3 | Perform Application Layer Filtering | |
13 | 11 | 3 | Tune Security Event Alerting Thresholds | |
14 | 1 | 1 | Establish and Maintain a Security Awareness Program | |
14 | 2 | 1 | Train Workforce Members to Recognize Social Engineering Attacks | |
14 | 3 | 1 | Train Workforce Members on Authentication Best Practices | |
14 | 4 | 1 | Train Workforce on Data Handling Best Practices | |
14 | 5 | 1 | Train Workforce Members on Causes of Unintentional Data Exposure | |
14 | 6 | 1 | Train Workforce Members on Recognizing and Reporting Security Incidents | |
14 | 7 | 1 | Train Workforce on How to Identify and Report if Their Enterprise Assets are Missing Security Updates | |
14 | 8 | 1 | Train Workforce on the Dangers of Connecting to and Transmitting Enterprise Data Over Insecure Networks | |
14 | 9 | 2 | Conduct Role-Specific Security Awareness and Skills Training | |
15 | 1 | 1 | Establish and Maintain an Inventory of Service Providers | |
15 | 2 | 2 | Establish and Maintain a Service Provider Management Policy | |
15 | 3 | 2 | Classify Service Providers | |
15 | 4 | 2 | Ensure Service Provider Contracts Include Security Requirements | |
15 | 5 | 3 | Assess Service Providers | |
15 | 6 | 3 | Monitor Service Providers | |
15 | 7 | 3 | Securely Decommission Service Providers | |
16 | 1 | 2 | Establish and Maintain a Secure Application Development Process | |
16 | 2 | 2 | Establish and Maintain a Process to Accept and Address Software Vulnerabilities | |
16 | 3 | 2 | Perform Root Cause Analysis on Security Vulnerabilities | |
16 | 4 | 2 | Establish and Manage an Inventory of Third-Party Software Components | |
16 | 5 | 2 | Use Up-to-Date and Trusted Third-Party Software Components | |
16 | 6 | 2 | Establish and Maintain a Severity Rating System and Process for Application Vulnerabilities | |
16 | 7 | 2 | Use Standard Hardening Configuration Templates for Application Infrastructure | |
16 | 8 | 2 | Separate Production and Non-Production Systems | |
16 | 9 | 2 | Train Developers in Application Security Concepts and Secure Coding | |
16 | 10 | 2 | Apply Secure Design Principles in Application Architectures | |
16 | 11 | 2 | Leverage Vetted Modules or Services for Application Security Components | |
16 | 12 | 3 | Implement Code-Level Security Checks | |
16 | 13 | 3 | Conduct Application Penetration Testing | |
16 | 14 | 3 | Conduct Threat Modeling | |
17 | 1 | 1 | Designate Personnel to Manage Incident Handling | |
17 | 2 | 1 | Establish and Maintain Contact Information for Reporting Security Incidents | |
17 | 3 | 1 | Establish and Maintain an Enterprise Process for Reporting Incidents | |
17 | 4 | 2 | Establish and Maintain an Incident Response Process | |
17 | 5 | 2 | Assign Key Roles and Responsibilities | |
17 | 6 | 2 | Define Mechanisms for Communicating During Incident Response | |
17 | 7 | 2 | Conduct Routine Incident Response Exercises | |
17 | 8 | 2 | Conduct Post-Incident Reviews | |
17 | 9 | 3 | Establish and Maintain Security Incident Thresholds | |
18 | 1 | 2 | Establish and Maintain a Penetration Testing Program | |
18 | 2 | 2 | Perform Periodic External Penetration Tests | |
18 | 3 | 2 | Remediate Penetration Test Findings | |
18 | 4 | 3 | Validate Security Measures | |
18 | 5 | 3 | Perform Periodic Internal Penetration Tests | |