Temp2
| CIS Control | CIS Safeguard | Asset Type | Security Function | Title |
|---|---|---|---|---|
| 1 | | | | Inventory and Control of Enterprise Assets |
| 1 | 1.1 | Devices | Identify | Establish and Maintain Detailed Enterprise Asset Inventory |
| 1 | 1.2 | Devices | Respond | Address Unauthorized Assets |
| 1 | 1.3 | Devices | Detect | Utilize an Active Discovery Tool |
| 1 | 1.4 | Devices | Identify | Use Dynamic Host Configuration Protocol (DHCP) Logging to Update Enterprise Asset Inventory |
| 1 | 1.5 | Devices | Detect | Use a Passive Asset Discovery Tool |
| 2 | | | | Inventory and Control of Software Assets |
| 2 | 2.1 | Applications | Identify | Establish and Maintain a Software Inventory |
| 2 | 2.2 | Applications | Identify | Ensure Authorized Software is Currently Supported |
| 2 | 2.3 | Applications | Respond | Address Unauthorized Software |
| 2 | 2.4 | Applications | Detect | Utilize Automated Software Inventory Tools |
| 2 | 2.5 | Applications | Protect | Allowlist Authorized Software |
| 2 | 2.6 | Applications | Protect | Allowlist Authorized Libraries |
| 2 | 2.7 | Applications | Protect | Allowlist Authorized Scripts |
| 3 | | | | Data Protection |
| 3 | 3.1 | Data | Identify | Establish and Maintain a Data Management Process |
| 3 | 3.2 | Data | Identify | Establish and Maintain a Data Inventory |
| 3 | 3.3 | Data | Protect | Configure Data Access Control Lists |
| 3 | 3.4 | Data | Protect | Enforce Data Retention |
| 3 | 3.5 | Data | Protect | Securely Dispose of Data |
| 3 | 3.6 | Devices | Protect | Encrypt Data on End-User Devices |
| 3 | 3.7 | Data | Identify | Establish and Maintain a Data Classification Scheme |
| 3 | 3.8 | Data | Identify | Document Data Flows |
| 3 | 3.9 | Data | Protect | Encrypt Data on Removable Media |
| 3 | 3.10 | Data | Protect | Encrypt Sensitive Data in Transit |
| 3 | 3.11 | Data | Protect | Encrypt Sensitive Data at Rest |
| 3 | 3.12 | Network | Protect | Segment Data Processing and Storage Based on Sensitivity |
| 3 | 3.13 | Data | Protect | Deploy a Data Loss Prevention Solution |
| 3 | 3.14 | Data | Detect | Log Sensitive Data Access |
| 4 | | | | Secure Configuration of Enterprise Assets and Software |
| 4 | 4.1 | Applications | Protect | Establish and Maintain a Secure Configuration Process |
| 4 | 4.2 | Network | Protect | Establish and Maintain a Secure Configuration Process for Network Infrastructure |
| 4 | 4.3 | Users | Protect | Configure Automatic Session Locking on Enterprise Assets |
| 4 | 4.4 | Devices | Protect | Implement and Manage a Firewall on Servers |
| 4 | 4.5 | Devices | Protect | Implement and Manage a Firewall on End-User Devices |
| 4 | 4.6 | Network | Protect | Securely Manage Enterprise Assets and Software |
| 4 | 4.7 | Users | Protect | Manage Default Accounts on Enterprise Assets and Software |
| 4 | 4.8 | Devices | Protect | Uninstall or Disable Unnecessary Services on Enterprise Assets and Software |
| 4 | 4.9 | Devices | Protect | Configure Trusted DNS Servers on Enterprise Assets |
| 4 | 4.10 | Devices | Respond | Enforce Automatic Device Lockout on Portable End-User Devices |
| 4 | 4.11 | Devices | Protect | Enforce Remote Wipe Capability on Portable End-User Devices |
| 4 | 4.12 | Devices | Protect | Separate Enterprise Workspaces on Mobile End-User Devices |
| 5 | | | | Account Management |
| 5 | 5.1 | Users | Identify | Establish and Maintain an Inventory of Accounts |
| 5 | 5.2 | Users | Protect | Use Unique Passwords |
| 5 | 5.3 | Users | Respond | Disable Dormant Accounts |
| 5 | 5.4 | Users | Protect | Restrict Administrator Privileges to Dedicated Administrator Accounts |
| 5 | 5.5 | Users | Identify | Establish and Maintain an Inventory of Service Accounts |
| 5 | 5.6 | Users | Protect | Centralize Account Management |
| 6 | | | | Access Control Management |
| 6 | 6.1 | Users | Protect | Establish an Access Granting Process |
| 6 | 6.2 | Users | Protect | Establish an Access Revoking Process |
| 6 | 6.3 | Users | Protect | Require MFA for Externally-Exposed Applications |
| 6 | 6.4 | Users | Protect | Require MFA for Remote Network Access |
| 6 | 6.5 | Users | Protect | Require MFA for Administrative Access |
| 6 | 6.6 | Users | Identify | Establish and Maintain an Inventory of Authentication and Authorization Systems |
| 6 | 6.7 | Users | Protect | Centralize Access Control |
| 6 | 6.8 | Data | Protect | Define and Maintain Role-Based Access Control |
| 7 | | | | Continuous Vulnerability Management |
| 7 | 7.1 | Applications | Protect | Establish and Maintain a Vulnerability Management Process |
| 7 | 7.2 | Applications | Respond | Establish and Maintain a Remediation Process |
| 7 | 7.3 | Applications | Protect | Perform Automated Operating System Patch Management |
| 7 | 7.4 | Applications | Protect | Perform Automated Application Patch Management |
| 7 | 7.5 | Applications | Identify | Perform Automated Vulnerability Scans of Internal Enterprise Assets |
| 7 | 7.6 | Applications | Identify | Perform Automated Vulnerability Scans of Externally-Exposed Enterprise Assets |
| 7 | 7.7 | Applications | Respond | Remediate Detected Vulnerabilities |
| 8 | | | | Audit Log Management |
| 8 | 8.1 | Network | Protect | Establish and Maintain an Audit Log Management Process |
| 8 | 8.2 | Network | Detect | Collect Audit Logs |
| 8 | 8.3 | Network | Protect | Ensure Adequate Audit Log Storage |
| 8 | 8.4 | Network | Protect | Standardize Time Synchronization |
| 8 | 8.5 | Network | Detect | Collect Detailed Audit Logs |
| 8 | 8.6 | Network | Detect | Collect DNS Query Audit Logs |
| 8 | 8.7 | Network | Detect | Collect URL Request Audit Logs |
| 8 | 8.8 | Devices | Detect | Collect Command-Line Audit Logs |
| 8 | 8.9 | Network | Detect | Centralize Audit Logs |
| 8 | 8.10 | Network | Protect | Retain Audit Logs |
| 8 | 8.11 | Network | Detect | Conduct Audit Log Reviews |
| 8 | 8.12 | Data | Detect | Collect Service Provider Logs |
| 9 | | | | Email and Web Browser Protections |
| 9 | 9.1 | Applications | Protect | Ensure Use of Only Fully Supported Browsers and Email Clients |
| 9 | 9.2 | Network | Protect | Use DNS Filtering Services |
| 9 | 9.3 | Network | Protect | Maintain and Enforce Network-Based URL Filters |
| 9 | 9.4 | Applications | Protect | Restrict Unnecessary or Unauthorized Browser and Email Client Extensions |
| 9 | 9.5 | Network | Protect | Implement DMARC |
| 9 | 9.6 | Network | Protect | Block Unnecessary File Types |
| 9 | 9.7 | Network | Protect | Deploy and Maintain Email Server Anti-Malware Protections |
| 10 | | | | Malware Defenses |
| 10 | 10.1 | Devices | Protect | Deploy and Maintain Anti-Malware Software |
| 10 | 10.2 | Devices | Protect | Configure Automatic Anti-Malware Signature Updates |
| 10 | 10.3 | Devices | Protect | Disable Autorun and Autoplay for Removable Media |
| 10 | 10.4 | Devices | Detect | Configure Automatic Anti-Malware Scanning of Removable Media |
| 10 | 10.5 | Devices | Protect | Enable Anti-Exploitation Features |
| 10 | 10.6 | Devices | Protect | Centrally Manage Anti-Malware Software |
| 10 | 10.7 | Devices | Detect | Use Behavior-Based Anti-Malware Software |
| 11 | | | | Data Recovery |
| 11 | 11.1 | Data | Recover | Establish and Maintain a Data Recovery Process |
| 11 | 11.2 | Data | Recover | Perform Automated Backups |
| 11 | 11.3 | Data | Protect | Protect Recovery Data |
| 11 | 11.4 | Data | Recover | Establish and Maintain an Isolated Instance of Recovery Data |
| 11 | 11.5 | Data | Recover | Test Data Recovery |
| 12 | | | | Network Infrastructure Management |
| 12 | 12.1 | Network | Protect | Ensure Network Infrastructure is Up-to-Date |
| 12 | 12.2 | Network | Protect | Establish and Maintain a Secure Network Architecture |
| 12 | 12.3 | Network | Protect | Securely Manage Network Infrastructure |
| 12 | 12.4 | Network | Identify | Establish and Maintain Architecture Diagram(s) |
| 12 | 12.5 | Network | Protect | Centralize Network Authentication, Authorization, and Auditing (AAA) |
| 12 | 12.6 | Network | Protect | Use of Secure Network Management and Communication Protocols |
| 12 | 12.7 | Devices | Protect | Ensure Remote Devices Utilize a VPN and are Connecting to an Enterprise's AAA Infrastructure |
| 12 | 12.8 | Devices | Protect | Establish and Maintain Dedicated Computing Resources for All Administrative Work |
| 13 | | | | Network Monitoring and Defense |
| 13 | 13.1 | Network | Detect | Centralize Security Event Alerting |
| 13 | 13.2 | Devices | Detect | Deploy a Host-Based Intrusion Detection Solution |
| 13 | 13.3 | Network | Detect | Deploy a Network Intrusion Detection Solution |
| 13 | 13.4 | Network | Protect | Perform Traffic Filtering Between Network Segments |
| 13 | 13.5 | Devices | Protect | Manage Access Control for Remote Assets |
| 13 | 13.6 | Network | Detect | Collect Network Traffic Flow Logs |
| 13 | 13.7 | Devices | Protect | Deploy a Host-Based Intrusion Prevention Solution |
| 13 | 13.8 | Network | Protect | Deploy a Network Intrusion Prevention Solution |
| 13 | 13.9 | Devices | Protect | Deploy Port-Level Access Control |
| 13 | 13.10 | Network | Protect | Perform Application Layer Filtering |
| 13 | 13.11 | Network | Detect | Tune Security Event Alerting Thresholds |
| 14 | | | | Security Awareness and Skills Training |
| 14 | 14.1 | N/A | Protect | Establish and Maintain a Security Awareness Program |
| 14 | 14.2 | N/A | Protect | Train Workforce Members to Recognize Social Engineering Attacks |
| 14 | 14.3 | N/A | Protect | Train Workforce Members on Authentication Best Practices |
| 14 | 14.4 | N/A | Protect | Train Workforce on Data Handling Best Practices |
| 14 | 14.5 | N/A | Protect | Train Workforce Members on Causes of Unintentional Data Exposure |
| 14 | 14.6 | N/A | Protect | Train Workforce Members on Recognizing and Reporting Security Incidents |
| 14 | 14.7 | N/A | Protect | Train Workforce on How to Identify and Report if Their Enterprise Assets are Missing Security Updates |
| 14 | 14.8 | N/A | Protect | Train Workforce on the Dangers of Connecting to and Transmitting Enterprise Data Over Insecure Networks |
| 14 | 14.9 | N/A | Protect | Conduct Role-Specific Security Awareness and Skills Training |
| 15 | | | | Service Provider Management |
| 15 | 15.1 | N/A | Identify | Establish and Maintain an Inventory of Service Providers |
| 15 | 15.2 | N/A | Identify | Establish and Maintain a Service Provider Management Policy |
| 15 | 15.3 | N/A | Identify | Classify Service Providers |
| 15 | 15.4 | N/A | Protect | Ensure Service Provider Contracts Include Security Requirements |
| 15 | 15.5 | N/A | Identify | Assess Service Providers |
| 15 | 15.6 | Data | Detect | Monitor Service Providers |
| 15 | 15.7 | Data | Protect | Securely Decommission Service Providers |
| 16 | | | | Application Software Security |
| 16 | 16.1 | Applications | Protect | Establish and Maintain a Secure Application Development Process |
| 16 | 16.2 | Applications | Protect | Establish and Maintain a Process to Accept and Address Software Vulnerabilities |
| 16 | 16.3 | Applications | Protect | Perform Root Cause Analysis on Security Vulnerabilities |
| 16 | 16.4 | Applications | Protect | Establish and Manage an Inventory of Third-Party Software Components |
| 16 | 16.5 | Applications | Protect | Use Up-to-Date and Trusted Third-Party Software Components |
| 16 | 16.6 | Applications | Protect | Establish and Maintain a Severity Rating System and Process for Application Vulnerabilities |
| 16 | 16.7 | Applications | Protect | Use Standard Hardening Configuration Templates for Application Infrastructure |
| 16 | 16.8 | Applications | Protect | Separate Production and Non-Production Systems |
| 16 | 16.9 | Applications | Protect | Train Developers in Application Security Concepts and Secure Coding |
| 16 | 16.10 | Applications | Protect | Apply Secure Design Principles in Application Architectures |
| 16 | 16.11 | Applications | Protect | Leverage Vetted Modules or Services for Application Security Components |
| 16 | 16.12 | Applications | Protect | Implement Code-Level Security Checks |
| 16 | 16.13 | Applications | Protect | Conduct Application Penetration Testing |
| 16 | 16.14 | Applications | Protect | Conduct Threat Modeling |
| 17 | | | | Incident Response Management |
| 17 | 17.1 | N/A | Respond | Designate Personnel to Manage Incident Handling |
| 17 | 17.2 | N/A | Respond | Establish and Maintain Contact Information for Reporting Security Incidents |
| 17 | 17.3 | N/A | Respond | Establish and Maintain an Enterprise Process for Reporting Incidents |
| 17 | 17.4 | N/A | Respond | Establish and Maintain an Incident Response Process |
| 17 | 17.5 | N/A | Respond | Assign Key Roles and Responsibilities |
| 17 | 17.6 | N/A | Respond | Define Mechanisms for Communicating During Incident Response |
| 17 | 17.7 | N/A | Recover | Conduct Routine Incident Response Exercises |
| 17 | 17.8 | N/A | Recover | Conduct Post-Incident Reviews |
| 17 | 17.9 | N/A | Recover | Establish and Maintain Security Incident Thresholds |
| 18 | | | | Penetration Testing |
| 18 | 18.1 | N/A | Identify | Establish and Maintain a Penetration Testing Program |
| 18 | 18.2 | Network | Identify | Perform Periodic External Penetration Tests |
| 18 | 18.3 | Network | Protect | Remediate Penetration Test Findings |
| 18 | 18.4 | Network | Protect | Validate Security Measures |
| 18 | 18.5 | N/A | Identify | Perform Periodic Internal Penetration Tests |