| CIS Control
|
CIS Safeguard
|
Asset Type
|
Security Function
|
Title
|
| 1
|
|
|
|
Inventory and Control of Enterprise Assets
|
| 1
|
1,1
|
Devices
|
Identify
|
Establish and Maintain Detailed Enterprise Asset Inventory
|
| 1
|
1,2
|
Devices
|
Respond
|
Address Unauthorized Assets
|
| 1
|
1,3
|
Devices
|
Detect
|
Utilize an Active Discovery Tool
|
| 1
|
1,4
|
Devices
|
Identify
|
Use Dynamic Host Configuration Protocol (DHCP) Logging to Update Enterprise Asset Inventory
|
| 1
|
1,5
|
Devices
|
Detect
|
Use a Passive Asset Discovery Tool
|
| 2
|
|
|
|
Inventory and Control of Software Assets
|
| 2
|
2,1
|
Applications
|
Identify
|
Establish and Maintain a Software Inventory
|
| 2
|
2,2
|
Applications
|
Identify
|
Ensure Authorized Software is Currently Supported
|
| 2
|
2,3
|
Applications
|
Respond
|
Address Unauthorized Software
|
| 2
|
2,4
|
Applications
|
Detect
|
Utilize Automated Software Inventory Tools
|
| 2
|
2,5
|
Applications
|
Protect
|
Allowlist Authorized Software
|
| 2
|
2,6
|
Applications
|
Protect
|
Allowlist Authorized Libraries
|
| 2
|
2,7
|
Applications
|
Protect
|
Allowlist Authorized Scripts
|
| 3
|
|
|
|
Data Protection
|
| 3
|
3,1
|
Data
|
Identify
|
Establish and Maintain a Data Management Process
|
| 3
|
3,2
|
Data
|
Identify
|
Establish and Maintain a Data Inventory
|
| 3
|
3,3
|
Data
|
Protect
|
Configure Data Access Control Lists
|
| 3
|
3,4
|
Data
|
Protect
|
Enforce Data Retention
|
| 3
|
3,5
|
Data
|
Protect
|
Securely Dispose of Data
|
| 3
|
3,6
|
Devices
|
Protect
|
Encrypt Data on End-User Devices
|
| 3
|
3,7
|
Data
|
Identify
|
Establish and Maintain a Data Classification Scheme
|
| 3
|
3,8
|
Data
|
Identify
|
Document Data Flows
|
| 3
|
3,9
|
Data
|
Protect
|
Encrypt Data on Removable Media
|
| 3
|
3,10
|
Data
|
Protect
|
Encrypt Sensitive Data in Transit
|
| 3
|
3,11
|
Data
|
Protect
|
Encrypt Sensitive Data at Rest
|
| 3
|
3,12
|
Network
|
Protect
|
Segment Data Processing and Storage Based on Sensitivity
|
| 3
|
3,13
|
Data
|
Protect
|
Deploy a Data Loss Prevention Solution
|
| 3
|
3,14
|
Data
|
Detect
|
Log Sensitive Data Access
|
| 4
|
|
|
|
Secure Configuration of Enterprise Assets and Software
|
| 4
|
4,1
|
Applications
|
Protect
|
Establish and Maintain a Secure Configuration Process
|
| 4
|
4,2
|
Network
|
Protect
|
Establish and Maintain a Secure Configuration Process for Network Infrastructure
|
| 4
|
4,3
|
Users
|
Protect
|
Configure Automatic Session Locking on Enterprise Assets
|
| 4
|
4,4
|
Devices
|
Protect
|
Implement and Manage a Firewall on Servers
|
| 4
|
4,5
|
Devices
|
Protect
|
Implement and Manage a Firewall on End-User Devices
|
| 4
|
4,6
|
Network
|
Protect
|
Securely Manage Enterprise Assets and Software
|
| 4
|
4,7
|
Users
|
Protect
|
Manage Default Accounts on Enterprise Assets and Software
|
| 4
|
4,8
|
Devices
|
Protect
|
Uninstall or Disable Unnecessary Services on Enterprise Assets and Software
|
| 4
|
4,9
|
Devices
|
Protect
|
Configure Trusted DNS Servers on Enterprise Assets
|
| 4
|
4,10
|
Devices
|
Respond
|
Enforce Automatic Device Lockout on Portable End-User Devices
|
| 4
|
4,11
|
Devices
|
Protect
|
Enforce Remote Wipe Capability on Portable End-User Devices
|
| 4
|
4,12
|
Devices
|
Protect
|
Separate Enterprise Workspaces on Mobile End-User Devices
|
| 5
|
|
|
|
Account Management
|
| 5
|
5,1
|
Users
|
Identify
|
Establish and Maintain an Inventory of Accounts
|
| 5
|
5,2
|
Users
|
Protect
|
Use Unique Passwords
|
| 5
|
5,3
|
Users
|
Respond
|
Disable Dormant Accounts
|
| 5
|
5,4
|
Users
|
Protect
|
Restrict Administrator Privileges to Dedicated Administrator Accounts
|
| 5
|
5,5
|
Users
|
Identify
|
Establish and Maintain an Inventory of Service Accounts
|
| 5
|
5,6
|
Users
|
Protect
|
Centralize Account Management
|
| 6
|
|
|
|
Access Control Management
|
| 6
|
6,1
|
Users
|
Protect
|
Establish an Access Granting Process
|
| 6
|
6,2
|
Users
|
Protect
|
Establish an Access Revoking Process
|
| 6
|
6,3
|
Users
|
Protect
|
Require MFA for Externally-Exposed Applications
|
| 6
|
6,4
|
Users
|
Protect
|
Require MFA for Remote Network Access
|
| 6
|
6,5
|
Users
|
Protect
|
Require MFA for Administrative Access
|
| 6
|
6,6
|
Users
|
Identify
|
Establish and Maintain an Inventory of Authentication and Authorization Systems
|
| 6
|
6,7
|
Users
|
Protect
|
Centralize Access Control
|
| 6
|
6,8
|
Data
|
Protect
|
Define and Maintain Role-Based Access Control
|
| 7
|
|
|
|
Continuous Vulnerability Management
|
| 7
|
7,1
|
Applications
|
Protect
|
Establish and Maintain a Vulnerability Management Process
|
| 7
|
7,2
|
Applications
|
Respond
|
Establish and Maintain a Remediation Process
|
| 7
|
7,3
|
Applications
|
Protect
|
Perform Automated Operating System Patch Management
|
| 7
|
7,4
|
Applications
|
Protect
|
Perform Automated Application Patch Management
|
| 7
|
7,5
|
Applications
|
Identify
|
Perform Automated Vulnerability Scans of Internal Enterprise Assets
|
| 7
|
7,6
|
Applications
|
Identify
|
Perform Automated Vulnerability Scans of Externally-Exposed Enterprise Assets
|
| 7
|
7,7
|
Applications
|
Respond
|
Remediate Detected Vulnerabilities
|
| 8
|
|
|
|
Audit Log Management
|
| 8
|
8,1
|
Network
|
Protect
|
Establish and Maintain an Audit Log Management Process
|
| 8
|
8,2
|
Network
|
Detect
|
Collect Audit Logs
|
| 8
|
8,3
|
Network
|
Protect
|
Ensure Adequate Audit Log Storage
|
| 8
|
8,4
|
Network
|
Protect
|
Standardize Time Synchronization
|
| 8
|
8,5
|
Network
|
Detect
|
Collect Detailed Audit Logs
|
| 8
|
8,6
|
Network
|
Detect
|
Collect DNS Query Audit Logs
|
| 8
|
8,7
|
Network
|
Detect
|
Collect URL Request Audit Logs
|
| 8
|
8,8
|
Devices
|
Detect
|
Collect Command-Line Audit Logs
|
| 8
|
8,9
|
Network
|
Detect
|
Centralize Audit Logs
|
| 8
|
8,10
|
Network
|
Protect
|
Retain Audit Logs
|
| 8
|
8,11
|
Network
|
Detect
|
Conduct Audit Log Reviews
|
| 8
|
8,12
|
Data
|
Detect
|
Collect Service Provider Logs
|
| 9
|
|
|
|
Email and Web Browser Protections
|
| 9
|
9,1
|
Applications
|
Protect
|
Ensure Use of Only Fully Supported Browsers and Email Clients
|
| 9
|
9,2
|
Network
|
Protect
|
Use DNS Filtering Services
|
| 9
|
9,3
|
Network
|
Protect
|
Maintain and Enforce Network-Based URL Filters
|
| 9
|
9,4
|
Applications
|
Protect
|
Restrict Unnecessary or Unauthorized Browser and Email Client Extensions
|
| 9
|
9,5
|
Network
|
Protect
|
Implement DMARC
|
| 9
|
9,6
|
Network
|
Protect
|
Block Unnecessary File Types
|
| 9
|
9,7
|
Network
|
Protect
|
Deploy and Maintain Email Server Anti-Malware Protections
|
| 10
|
|
|
|
Malware Defenses
|
| 10
|
10,1
|
Devices
|
Protect
|
Deploy and Maintain Anti-Malware Software
|
| 10
|
10,2
|
Devices
|
Protect
|
Configure Automatic Anti-Malware Signature Updates
|
| 10
|
10,3
|
Devices
|
Protect
|
Disable Autorun and Autoplay for Removable Media
|
| 10
|
10,4
|
Devices
|
Detect
|
Configure Automatic Anti-Malware Scanning of Removable Media
|
| 10
|
10,5
|
Devices
|
Protect
|
Enable Anti-Exploitation Features
|
| 10
|
10,6
|
Devices
|
Protect
|
Centrally Manage Anti-Malware Software
|
| 10
|
10,7
|
Devices
|
Detect
|
Use Behavior-Based Anti-Malware Software
|
| 11
|
|
|
|
Data Recovery
|
| 11
|
11,1
|
Data
|
Recover
|
Establish and Maintain a Data Recovery Process
|
| 11
|
11,2
|
Data
|
Recover
|
Perform Automated Backups
|
| 11
|
11,3
|
Data
|
Protect
|
Protect Recovery Data
|
| 11
|
11,4
|
Data
|
Recover
|
Establish and Maintain an Isolated Instance of Recovery Data
|
| 11
|
11,5
|
Data
|
Recover
|
Test Data Recovery
|
| 12
|
|
|
|
Network Infrastructure Management
|
| 12
|
12,1
|
Network
|
Protect
|
Ensure Network Infrastructure is Up-to-Date
|
| 12
|
12,2
|
Network
|
Protect
|
Establish and Maintain a Secure Network Architecture
|
| 12
|
12,3
|
Network
|
Protect
|
Securely Manage Network Infrastructure
|
| 12
|
12,4
|
Network
|
Identify
|
Establish and Maintain Architecture Diagram(s)
|
| 12
|
12,5
|
Network
|
Protect
|
Centralize Network Authentication, Authorization, and Auditing (AAA)
|
| 12
|
12,6
|
Network
|
Protect
|
Use of Secure Network Management and Communication Protocols
|
| 12
|
12,7
|
Devices
|
Protect
|
Ensure Remote Devices Utilize a VPN and are Connecting to an Enterprise’s AAA Infrastructure
|
| 12
|
12,8
|
Devices
|
Protect
|
Establish and Maintain Dedicated Computing Resources for All Administrative Work
|
| 13
|
|
|
|
Network Monitoring and Defense
|
| 13
|
13,1
|
Network
|
Detect
|
Centralize Security Event Alerting
|
| 13
|
13,2
|
Devices
|
Detect
|
Deploy a Host-Based Intrusion Detection Solution
|
| 13
|
13,3
|
Network
|
Detect
|
Deploy a Network Intrusion Detection Solution
|
| 13
|
13,4
|
Network
|
Protect
|
Perform Traffic Filtering Between Network Segments
|
| 13
|
13,5
|
Devices
|
Protect
|
Manage Access Control for Remote Assets
|
| 13
|
13,6
|
Network
|
Detect
|
Collect Network Traffic Flow Logs
|
| 13
|
13,7
|
Devices
|
Protect
|
Deploy a Host-Based Intrusion Prevention Solution
|
| 13
|
13,8
|
Network
|
Protect
|
Deploy a Network Intrusion Prevention Solution
|
| 13
|
13,9
|
Devices
|
Protect
|
Deploy Port-Level Access Control
|
| 13
|
13,10
|
Network
|
Protect
|
Perform Application Layer Filtering
|
| 13
|
13,11
|
Network
|
Detect
|
Tune Security Event Alerting Thresholds
|
| 14
|
|
|
|
Security Awareness and Skills Training
|
| 14
|
14,1
|
N/A
|
Protect
|
Establish and Maintain a Security Awareness Program
|
| 14
|
14,2
|
N/A
|
Protect
|
Train Workforce Members to Recognize Social Engineering Attacks
|
| 14
|
14,3
|
N/A
|
Protect
|
Train Workforce Members on Authentication Best Practices
|
| 14
|
14,4
|
N/A
|
Protect
|
Train Workforce on Data Handling Best Practices
|
| 14
|
14,5
|
N/A
|
Protect
|
Train Workforce Members on Causes of Unintentional Data Exposure
|
| 14
|
14,6
|
N/A
|
Protect
|
Train Workforce Members on Recognizing and Reporting Security Incidents
|
| 14
|
14,7
|
N/A
|
Protect
|
Train Workforce on How to Identify and Report if Their Enterprise Assets are Missing Security Updates
|
| 14
|
14,8
|
N/A
|
Protect
|
Train Workforce on the Dangers of Connecting to and Transmitting Enterprise Data Over Insecure Networks
|
| 14
|
14,9
|
N/A
|
Protect
|
Conduct Role-Specific Security Awareness and Skills Training
|
| 15
|
|
|
|
Service Provider Management
|
| 15
|
15,1
|
N/A
|
Identify
|
Establish and Maintain an Inventory of Service Providers
|
| 15
|
15,2
|
N/A
|
Identify
|
Establish and Maintain a Service Provider Management Policy
|
| 15
|
15,3
|
N/A
|
Identify
|
Classify Service Providers
|
| 15
|
15,4
|
N/A
|
Protect
|
Ensure Service Provider Contracts Include Security Requirements
|
| 15
|
15,5
|
N/A
|
Identify
|
Assess Service Providers
|
| 15
|
15,6
|
Data
|
Detect
|
Monitor Service Providers
|
| 15
|
15,7
|
Data
|
Protect
|
Securely Decommission Service Providers
|
| 16
|
|
|
|
Application Software Security
|
| 16
|
16,1
|
Applications
|
Protect
|
Establish and Maintain a Secure Application Development Process
|
| 16
|
16,2
|
Applications
|
Protect
|
Establish and Maintain a Process to Accept and Address Software Vulnerabilities
|
| 16
|
16,3
|
Applications
|
Protect
|
Perform Root Cause Analysis on Security Vulnerabilities
|
| 16
|
16,4
|
Applications
|
Protect
|
Establish and Manage an Inventory of Third-Party Software Components
|
| 16
|
16,5
|
Applications
|
Protect
|
Use Up-to-Date and Trusted Third-Party Software Components
|
| 16
|
16,6
|
Applications
|
Protect
|
Establish and Maintain a Severity Rating System and Process for Application Vulnerabilities
|
| 16
|
16,7
|
Applications
|
Protect
|
Use Standard Hardening Configuration Templates for Application Infrastructure
|
| 16
|
16,8
|
Applications
|
Protect
|
Separate Production and Non-Production Systems
|
| 16
|
16,9
|
Applications
|
Protect
|
Train Developers in Application Security Concepts and Secure Coding
|
| 16
|
16,10
|
Applications
|
Protect
|
Apply Secure Design Principles in Application Architectures
|
| 16
|
16,11
|
Applications
|
Protect
|
Leverage Vetted Modules or Services for Application Security Components
|
| 16
|
16,12
|
Applications
|
Protect
|
Implement Code-Level Security Checks
|
| 16
|
16,13
|
Applications
|
Protect
|
Conduct Application Penetration Testing
|
| 16
|
16,14
|
Applications
|
Protect
|
Conduct Threat Modeling
|
| 17
|
|
|
|
Incident Response Management
|
| 17
|
17,1
|
N/A
|
Respond
|
Designate Personnel to Manage Incident Handling
|
| 17
|
17,2
|
N/A
|
Respond
|
Establish and Maintain Contact Information for Reporting Security Incidents
|
| 17
|
17,3
|
N/A
|
Respond
|
Establish and Maintain an Enterprise Process for Reporting Incidents
|
| 17
|
17,4
|
N/A
|
Respond
|
Establish and Maintain an Incident Response Process
|
| 17
|
17,5
|
N/A
|
Respond
|
Assign Key Roles and Responsibilities
|
| 17
|
17,6
|
N/A
|
Respond
|
Define Mechanisms for Communicating During Incident Response
|
| 17
|
17,7
|
N/A
|
Recover
|
Conduct Routine Incident Response Exercises
|
| 17
|
17,8
|
N/A
|
Recover
|
Conduct Post-Incident Reviews
|
| 17
|
17,9
|
N/A
|
Recover
|
Establish and Maintain Security Incident Thresholds
|
| 18
|
|
|
|
Penetration Testing
|
| 18
|
18,1
|
N/A
|
Identify
|
Establish and Maintain a Penetration Testing Program
|
| 18
|
18,2
|
Network
|
Identify
|
Perform Periodic External Penetration Tests
|
| 18
|
18,3
|
Network
|
Protect
|
Remediate Penetration Test Findings
|
| 18
|
18,4
|
Network
|
Protect
|
Validate Security Measures
|
| 18
|
18,5
|
N/A
|
Identify
|
Perform Periodic Internal Penetration Tests
|