#8 Promenjen unos i snimanje kontrola

fix-controls.py

@@ -1,24 +0,0 @@
-import csv
-
-input_file = 'controls.csv'  
-output_file = 'controls-fix.csv' 
-
-with open(input_file, mode='r', newline='', encoding='utf-8') as infile:
-    reader = csv.DictReader(infile)
-    
-    safeguards = set()
-    
-    for row in reader:
-        safeguard = row['CIS v8.1 Safeguards (Sub-Controls)']
-        safeguards.add(safeguard)  
-
-with open(output_file, mode='w', newline='', encoding='utf-8') as outfile:
-    fieldnames = ['name']  
-    writer = csv.DictWriter(outfile, fieldnames=fieldnames)
-    
-    writer.writeheader()
-    
-    for safeguard in safeguards:
-        writer.writerow({'name': safeguard})
-
-print(f"Conversion completed. The new CSV file is saved as '{output_file}'.")

test_cs.csv

@@ -1,90 +0,0 @@
-CIS v8.1 Safeguards (Sub-Controls)
-3.1 - Establish and Maintain Inventory of Enterprise Assets
-3.3 - Manage Assets
-5.1 - Establish and Maintain a Secure Configuration Process
-5.3 - Securely Configure Enterprise Assets and Software
-8.1 - Establish and Maintain a Vulnerability Management Process
-9.2 - Deploy and Maintain Anti-Malware Software
-10.8 - Perform and Test Data Backups
-15.1 - Develop an Incident Response Plan
-3.4 - Manage Sensitive Assets
-4.1 - Establish and Maintain a Secure Access Control Policy and Procedures
-4.2 - Implement and Manage Multi-Factor Authentication for Enterprise Accounts
-6.3 - Implement and Manage Network Segmentation
-7.1 - Establish and Maintain a Data Management Process
-7.2 - Implement and Enforce Data Retention
-7.3 - Implement Data Loss Prevention (DLP)
-12.5 - Enforce Encryption of Data-at-Rest
-12.6 - Enforce Encryption of Data-in-Transit
-4.3 - Manage Privileged Access
-4.4 - Manage Service Accounts
-4.6 - Manage External Accounts
-14.5 - Establish and Maintain an Audit Log Review and Analysis Process
-16.1 - Conduct Security Awareness and Skills Training
-3.6 - Establish and Maintain an Inventory of Non-Enterprise Assets
-13.1 - Establish and Maintain a Security Awareness Program
-18.1 - Establish and Maintain a Penetration Testing Program
-19.1 - Establish and Maintain an Incident Response Plan
-20.1 - Establish and Maintain a Business Continuity Plan
-16.2 - Train Workforce Members on Social Engineering Attacks
-19.8 - Perform Post-Incident Reviews
-1.1 - Establish and Maintain Enterprise Governance
-1.2 - Establish and Maintain Enterprise Security Policies
-1.3 - Establish and Maintain Enterprise Agreements
-2.1 - Establish and Maintain an Inventory of Authorized Software
-10.9 - Perform Off-Site Backups
-10.10 - Securely Store Backups
-11.1 - Implement and Manage Email Protections
-17.1 - Implement Physical Access Controls
-17.2 - Monitor Physical Environment
-6.1 - Establish and Maintain a Baseline Configuration of Network Devices
-6.4 - Implement and Manage Network Infrastructure Device Hardening
-6.5 - Implement and Manage Distributed Denial of Service (DDoS) Mitigation Techniques
-14.1 - Establish and Maintain a Security Logging and Monitoring Process
-8.2 - Remediate Vulnerabilities Based on Risk
-8.3 - Verify Application of Security Patches
-3.2 - Utilize an Automated Asset Discovery Tool
-13.5 - Manage Supplier Access
-13.6 - Monitor Supplier Security
-3.5 - Manage Enterprise Assets Connected to the Enterprise Network Remotely
-4.5 - Manage Mobile Devices
-5.4 - Securely Configure Cloud Infrastructure
-5.5 - Securely Configure Cloud Workloads
-6.2 - Establish and Maintain a Baseline Configuration of Endpoints
-4.7 - Enforce Account Password Requirements
-4.8 - Enforce Multi-Factor Authentication for All Users
-16.4 - Establish and Maintain a Role-Based Security Training Program
-16.5 - Conduct Skills Gap Assessments
-17.3 - Plan and Implement Environmental Protections
-5.6 - Securely Configure Industrial Control Systems (ICS)
-6.6 - Implement and Manage Network Segmentation for ICS
-1.5 - Conduct Periodic Security Risk Assessments
-14.7 - Conduct Security Controls Testing and Validation
-15.4 - Establish and Maintain a Security Architecture
-1.4 - Establish and Maintain a Threat Intelligence Program
-2.2 - Utilize Standard Security Configurations for Enterprise Software and Hardware
-8.4 - Perform Application Security Testing
-12.1 - Establish and Maintain a Software Development Life Cycle (SDLC)
-9.1 - Establish and Maintain a Software Allow List
-11.2 - Implement and Manage Web Browser Protections
-6.7 - Implement and Manage Domain Name System (DNS) Security
-12.7 - Plan and Implement Cryptographic Key Management
-7.4 - Securely Dispose of Assets
-12.2 - Secure Software via Secure Coding Practices
-6.8 - Secure Wireless Access Points
-4.9 - Manage Access to Enterprise Applications
-11.3 - Implement and Manage Endpoint Protections
-"12.6 - Enforce Encryption of Data-in-Transit
-66,Insufficient Data Encryption"""
-14.2 - Integrate Threat Intelligence into Security Monitoring
-14.3 - Establish and Maintain Alerting and Escalation Processes
-19.2 - Establish and Maintain an Incident Response Team
-19.3 - Develop and Conduct Incident Response Exercises
-5.2 - Implement and Manage a Change Management Process
-5.7 - Securely Configure Containers
-12.3 - Manage Credentials
-16.3 - Establish and Maintain a Security Skills Development Program
-9.3 - Implement and Manage Endpoint Detection and Response (EDR)
-13.3 - Implement and Manage Secure Software Supply Chain Practices
-12.4 - Implement and Manage Security for Software Applications
-13.4 - Implement and Manage Secure Hardware Supply Chain Practices