senaduka/old-riskletpy
1
0
Fork 0
Code Issues 5 Pull Requests 1 Actions Packages Projects Releases Wiki Activity

#8 Promenjen unos i snimanje kontrola

Browse Source
This commit is contained in:
Amir
2025-02-13 18:29:54 +01:00
parent f41997fd59
commit 8d21587376
9 changed files with 203 additions and 127 deletions
Download Patch File Download Diff File Expand all files Collapse all files

90
test_cs.csv Normal file
View File

@@ -0,0 +1,90 @@
CIS v8.1 Safeguards (Sub-Controls)
3.1 - Establish and Maintain Inventory of Enterprise Assets
3.3 - Manage Assets
5.1 - Establish and Maintain a Secure Configuration Process
5.3 - Securely Configure Enterprise Assets and Software
8.1 - Establish and Maintain a Vulnerability Management Process
9.2 - Deploy and Maintain Anti-Malware Software
10.8 - Perform and Test Data Backups
15.1 - Develop an Incident Response Plan
3.4 - Manage Sensitive Assets
4.1 - Establish and Maintain a Secure Access Control Policy and Procedures
4.2 - Implement and Manage Multi-Factor Authentication for Enterprise Accounts
6.3 - Implement and Manage Network Segmentation
7.1 - Establish and Maintain a Data Management Process
7.2 - Implement and Enforce Data Retention
7.3 - Implement Data Loss Prevention (DLP)
12.5 - Enforce Encryption of Data-at-Rest
12.6 - Enforce Encryption of Data-in-Transit
4.3 - Manage Privileged Access
4.4 - Manage Service Accounts
4.6 - Manage External Accounts
14.5 - Establish and Maintain an Audit Log Review and Analysis Process
16.1 - Conduct Security Awareness and Skills Training
3.6 - Establish and Maintain an Inventory of Non-Enterprise Assets
13.1 - Establish and Maintain a Security Awareness Program
18.1 - Establish and Maintain a Penetration Testing Program
19.1 - Establish and Maintain an Incident Response Plan
20.1 - Establish and Maintain a Business Continuity Plan
16.2 - Train Workforce Members on Social Engineering Attacks
19.8 - Perform Post-Incident Reviews
1.1 - Establish and Maintain Enterprise Governance
1.2 - Establish and Maintain Enterprise Security Policies
1.3 - Establish and Maintain Enterprise Agreements
2.1 - Establish and Maintain an Inventory of Authorized Software
10.9 - Perform Off-Site Backups
10.10 - Securely Store Backups
11.1 - Implement and Manage Email Protections
17.1 - Implement Physical Access Controls
17.2 - Monitor Physical Environment
6.1 - Establish and Maintain a Baseline Configuration of Network Devices
6.4 - Implement and Manage Network Infrastructure Device Hardening
6.5 - Implement and Manage Distributed Denial of Service (DDoS) Mitigation Techniques
14.1 - Establish and Maintain a Security Logging and Monitoring Process
8.2 - Remediate Vulnerabilities Based on Risk
8.3 - Verify Application of Security Patches
3.2 - Utilize an Automated Asset Discovery Tool
13.5 - Manage Supplier Access
13.6 - Monitor Supplier Security
3.5 - Manage Enterprise Assets Connected to the Enterprise Network Remotely
4.5 - Manage Mobile Devices
5.4 - Securely Configure Cloud Infrastructure
5.5 - Securely Configure Cloud Workloads
6.2 - Establish and Maintain a Baseline Configuration of Endpoints
4.7 - Enforce Account Password Requirements
4.8 - Enforce Multi-Factor Authentication for All Users
16.4 - Establish and Maintain a Role-Based Security Training Program
16.5 - Conduct Skills Gap Assessments
17.3 - Plan and Implement Environmental Protections
5.6 - Securely Configure Industrial Control Systems (ICS)
6.6 - Implement and Manage Network Segmentation for ICS
1.5 - Conduct Periodic Security Risk Assessments
14.7 - Conduct Security Controls Testing and Validation
15.4 - Establish and Maintain a Security Architecture
1.4 - Establish and Maintain a Threat Intelligence Program
2.2 - Utilize Standard Security Configurations for Enterprise Software and Hardware
8.4 - Perform Application Security Testing
12.1 - Establish and Maintain a Software Development Life Cycle (SDLC)
9.1 - Establish and Maintain a Software Allow List
11.2 - Implement and Manage Web Browser Protections
6.7 - Implement and Manage Domain Name System (DNS) Security
12.7 - Plan and Implement Cryptographic Key Management
7.4 - Securely Dispose of Assets
12.2 - Secure Software via Secure Coding Practices
6.8 - Secure Wireless Access Points
4.9 - Manage Access to Enterprise Applications
11.3 - Implement and Manage Endpoint Protections
"12.6 - Enforce Encryption of Data-in-Transit
66,Insufficient Data Encryption"""
14.2 - Integrate Threat Intelligence into Security Monitoring
14.3 - Establish and Maintain Alerting and Escalation Processes
19.2 - Establish and Maintain an Incident Response Team
19.3 - Develop and Conduct Incident Response Exercises
5.2 - Implement and Manage a Change Management Process
5.7 - Securely Configure Containers
12.3 - Manage Credentials
16.3 - Establish and Maintain a Security Skills Development Program
9.3 - Implement and Manage Endpoint Detection and Response (EDR)
13.3 - Implement and Manage Secure Software Supply Chain Practices
12.4 - Implement and Manage Security for Software Applications
13.4 - Implement and Manage Secure Hardware Supply Chain Practices
1 CIS v8.1 Safeguards (Sub-Controls)
2 3.1 - Establish and Maintain Inventory of Enterprise Assets
3 3.3 - Manage Assets
4 5.1 - Establish and Maintain a Secure Configuration Process
5 5.3 - Securely Configure Enterprise Assets and Software
6 8.1 - Establish and Maintain a Vulnerability Management Process
7 9.2 - Deploy and Maintain Anti-Malware Software
8 10.8 - Perform and Test Data Backups
9 15.1 - Develop an Incident Response Plan
10 3.4 - Manage Sensitive Assets
11 4.1 - Establish and Maintain a Secure Access Control Policy and Procedures
12 4.2 - Implement and Manage Multi-Factor Authentication for Enterprise Accounts
13 6.3 - Implement and Manage Network Segmentation
14 7.1 - Establish and Maintain a Data Management Process
15 7.2 - Implement and Enforce Data Retention
16 7.3 - Implement Data Loss Prevention (DLP)
17 12.5 - Enforce Encryption of Data-at-Rest
18 12.6 - Enforce Encryption of Data-in-Transit
19 4.3 - Manage Privileged Access
20 4.4 - Manage Service Accounts
21 4.6 - Manage External Accounts
22 14.5 - Establish and Maintain an Audit Log Review and Analysis Process
23 16.1 - Conduct Security Awareness and Skills Training
24 3.6 - Establish and Maintain an Inventory of Non-Enterprise Assets
25 13.1 - Establish and Maintain a Security Awareness Program
26 18.1 - Establish and Maintain a Penetration Testing Program
27 19.1 - Establish and Maintain an Incident Response Plan
28 20.1 - Establish and Maintain a Business Continuity Plan
29 16.2 - Train Workforce Members on Social Engineering Attacks
30 19.8 - Perform Post-Incident Reviews
31 1.1 - Establish and Maintain Enterprise Governance
32 1.2 - Establish and Maintain Enterprise Security Policies
33 1.3 - Establish and Maintain Enterprise Agreements
34 2.1 - Establish and Maintain an Inventory of Authorized Software
35 10.9 - Perform Off-Site Backups
36 10.10 - Securely Store Backups
37 11.1 - Implement and Manage Email Protections
38 17.1 - Implement Physical Access Controls
39 17.2 - Monitor Physical Environment
40 6.1 - Establish and Maintain a Baseline Configuration of Network Devices
41 6.4 - Implement and Manage Network Infrastructure Device Hardening
42 6.5 - Implement and Manage Distributed Denial of Service (DDoS) Mitigation Techniques
43 14.1 - Establish and Maintain a Security Logging and Monitoring Process
44 8.2 - Remediate Vulnerabilities Based on Risk
45 8.3 - Verify Application of Security Patches
46 3.2 - Utilize an Automated Asset Discovery Tool
47 13.5 - Manage Supplier Access
48 13.6 - Monitor Supplier Security
49 3.5 - Manage Enterprise Assets Connected to the Enterprise Network Remotely
50 4.5 - Manage Mobile Devices
51 5.4 - Securely Configure Cloud Infrastructure
52 5.5 - Securely Configure Cloud Workloads
53 6.2 - Establish and Maintain a Baseline Configuration of Endpoints
54 4.7 - Enforce Account Password Requirements
55 4.8 - Enforce Multi-Factor Authentication for All Users
56 16.4 - Establish and Maintain a Role-Based Security Training Program
57 16.5 - Conduct Skills Gap Assessments
58 17.3 - Plan and Implement Environmental Protections
59 5.6 - Securely Configure Industrial Control Systems (ICS)
60 6.6 - Implement and Manage Network Segmentation for ICS
61 1.5 - Conduct Periodic Security Risk Assessments
62 14.7 - Conduct Security Controls Testing and Validation
63 15.4 - Establish and Maintain a Security Architecture
64 1.4 - Establish and Maintain a Threat Intelligence Program
65 2.2 - Utilize Standard Security Configurations for Enterprise Software and Hardware
66 8.4 - Perform Application Security Testing
67 12.1 - Establish and Maintain a Software Development Life Cycle (SDLC)
68 9.1 - Establish and Maintain a Software Allow List
69 11.2 - Implement and Manage Web Browser Protections
70 6.7 - Implement and Manage Domain Name System (DNS) Security
71 12.7 - Plan and Implement Cryptographic Key Management
72 7.4 - Securely Dispose of Assets
73 12.2 - Secure Software via Secure Coding Practices
74 6.8 - Secure Wireless Access Points
75 4.9 - Manage Access to Enterprise Applications
76 11.3 - Implement and Manage Endpoint Protections
77 12.6 - Enforce Encryption of Data-in-Transit 66,Insufficient Data Encryption"
78 14.2 - Integrate Threat Intelligence into Security Monitoring
79 14.3 - Establish and Maintain Alerting and Escalation Processes
80 19.2 - Establish and Maintain an Incident Response Team
81 19.3 - Develop and Conduct Incident Response Exercises
82 5.2 - Implement and Manage a Change Management Process
83 5.7 - Securely Configure Containers
84 12.3 - Manage Credentials
85 16.3 - Establish and Maintain a Security Skills Development Program
86 9.3 - Implement and Manage Endpoint Detection and Response (EDR)
87 13.3 - Implement and Manage Secure Software Supply Chain Practices
88 12.4 - Implement and Manage Security for Software Applications
89 13.4 - Implement and Manage Secure Hardware Supply Chain Practices