diff --git a/fix-controls.py b/fix-controls.py deleted file mode 100644 index 7c80c7b..0000000 --- a/fix-controls.py +++ /dev/null @@ -1,24 +0,0 @@ -import csv - -input_file = 'controls.csv' -output_file = 'controls-fix.csv' - -with open(input_file, mode='r', newline='', encoding='utf-8') as infile: - reader = csv.DictReader(infile) - - safeguards = set() - - for row in reader: - safeguard = row['CIS v8.1 Safeguards (Sub-Controls)'] - safeguards.add(safeguard) - -with open(output_file, mode='w', newline='', encoding='utf-8') as outfile: - fieldnames = ['name'] - writer = csv.DictWriter(outfile, fieldnames=fieldnames) - - writer.writeheader() - - for safeguard in safeguards: - writer.writerow({'name': safeguard}) - -print(f"Conversion completed. The new CSV file is saved as '{output_file}'.") diff --git a/test_cs.csv b/test_cs.csv deleted file mode 100644 index 9e90287..0000000 --- a/test_cs.csv +++ /dev/null @@ -1,90 +0,0 @@ -CIS v8.1 Safeguards (Sub-Controls) -3.1 - Establish and Maintain Inventory of Enterprise Assets -3.3 - Manage Assets -5.1 - Establish and Maintain a Secure Configuration Process -5.3 - Securely Configure Enterprise Assets and Software -8.1 - Establish and Maintain a Vulnerability Management Process -9.2 - Deploy and Maintain Anti-Malware Software -10.8 - Perform and Test Data Backups -15.1 - Develop an Incident Response Plan -3.4 - Manage Sensitive Assets -4.1 - Establish and Maintain a Secure Access Control Policy and Procedures -4.2 - Implement and Manage Multi-Factor Authentication for Enterprise Accounts -6.3 - Implement and Manage Network Segmentation -7.1 - Establish and Maintain a Data Management Process -7.2 - Implement and Enforce Data Retention -7.3 - Implement Data Loss Prevention (DLP) -12.5 - Enforce Encryption of Data-at-Rest -12.6 - Enforce Encryption of Data-in-Transit -4.3 - Manage Privileged Access -4.4 - Manage Service Accounts -4.6 - Manage External Accounts -14.5 - Establish and Maintain an Audit Log Review and Analysis Process -16.1 - Conduct Security Awareness and Skills Training -3.6 - Establish and Maintain an Inventory of Non-Enterprise Assets -13.1 - Establish and Maintain a Security Awareness Program -18.1 - Establish and Maintain a Penetration Testing Program -19.1 - Establish and Maintain an Incident Response Plan -20.1 - Establish and Maintain a Business Continuity Plan -16.2 - Train Workforce Members on Social Engineering Attacks -19.8 - Perform Post-Incident Reviews -1.1 - Establish and Maintain Enterprise Governance -1.2 - Establish and Maintain Enterprise Security Policies -1.3 - Establish and Maintain Enterprise Agreements -2.1 - Establish and Maintain an Inventory of Authorized Software -10.9 - Perform Off-Site Backups -10.10 - Securely Store Backups -11.1 - Implement and Manage Email Protections -17.1 - Implement Physical Access Controls -17.2 - Monitor Physical Environment -6.1 - Establish and Maintain a Baseline Configuration of Network Devices -6.4 - Implement and Manage Network Infrastructure Device Hardening -6.5 - Implement and Manage Distributed Denial of Service (DDoS) Mitigation Techniques -14.1 - Establish and Maintain a Security Logging and Monitoring Process -8.2 - Remediate Vulnerabilities Based on Risk -8.3 - Verify Application of Security Patches -3.2 - Utilize an Automated Asset Discovery Tool -13.5 - Manage Supplier Access -13.6 - Monitor Supplier Security -3.5 - Manage Enterprise Assets Connected to the Enterprise Network Remotely -4.5 - Manage Mobile Devices -5.4 - Securely Configure Cloud Infrastructure -5.5 - Securely Configure Cloud Workloads -6.2 - Establish and Maintain a Baseline Configuration of Endpoints -4.7 - Enforce Account Password Requirements -4.8 - Enforce Multi-Factor Authentication for All Users -16.4 - Establish and Maintain a Role-Based Security Training Program -16.5 - Conduct Skills Gap Assessments -17.3 - Plan and Implement Environmental Protections -5.6 - Securely Configure Industrial Control Systems (ICS) -6.6 - Implement and Manage Network Segmentation for ICS -1.5 - Conduct Periodic Security Risk Assessments -14.7 - Conduct Security Controls Testing and Validation -15.4 - Establish and Maintain a Security Architecture -1.4 - Establish and Maintain a Threat Intelligence Program -2.2 - Utilize Standard Security Configurations for Enterprise Software and Hardware -8.4 - Perform Application Security Testing -12.1 - Establish and Maintain a Software Development Life Cycle (SDLC) -9.1 - Establish and Maintain a Software Allow List -11.2 - Implement and Manage Web Browser Protections -6.7 - Implement and Manage Domain Name System (DNS) Security -12.7 - Plan and Implement Cryptographic Key Management -7.4 - Securely Dispose of Assets -12.2 - Secure Software via Secure Coding Practices -6.8 - Secure Wireless Access Points -4.9 - Manage Access to Enterprise Applications -11.3 - Implement and Manage Endpoint Protections -"12.6 - Enforce Encryption of Data-in-Transit -66,Insufficient Data Encryption""" -14.2 - Integrate Threat Intelligence into Security Monitoring -14.3 - Establish and Maintain Alerting and Escalation Processes -19.2 - Establish and Maintain an Incident Response Team -19.3 - Develop and Conduct Incident Response Exercises -5.2 - Implement and Manage a Change Management Process -5.7 - Securely Configure Containers -12.3 - Manage Credentials -16.3 - Establish and Maintain a Security Skills Development Program -9.3 - Implement and Manage Endpoint Detection and Response (EDR) -13.3 - Implement and Manage Secure Software Supply Chain Practices -12.4 - Implement and Manage Security for Software Applications -13.4 - Implement and Manage Secure Hardware Supply Chain Practices