Safeguard ID,Name,Description
1.1,Establish and Maintain Detailed Enterprise Asset Inventory,Inventory and Control of Enterprise Assets
1.2,Address Unauthorized Assets,Inventory and Control of Enterprise Assets
1.3,Utilize an Active Discovery Tool,Inventory and Control of Enterprise Assets
1.4,Use Dynamic Host Configuration Protocol (DHCP) Logging to Update Enterprise Asset Inventory,Inventory and Control of Enterprise Assets
1.5,Use a Passive Asset Discovery Tool,Inventory and Control of Enterprise Assets
2.1,Establish and Maintain a Software Inventory,Inventory and Control of Software Assets
2.2,Ensure Authorized Software is Currently Supported,Inventory and Control of Software Assets
2.3,Address Unauthorized Software,Inventory and Control of Software Assets
2.4,Utilize Automated Software Inventory Tools,Inventory and Control of Software Assets
2.5,Allowlist Authorized Software,Inventory and Control of Software Assets
2.6,Allowlist Authorized Libraries,Inventory and Control of Software Assets
2.7,Allowlist Authorized Scripts,Inventory and Control of Software Assets
3.1,Establish and Maintain a Data Management Process,Data Protection
3.2,Establish and Maintain a Data Inventory,Data Protection
3.3,Configure Data Access Control Lists,Data Protection
3.4,Enforce Data Retention,Data Protection
3.5,Securely Dispose of Data,Data Protection
3.6,Encrypt Data on End-User Devices,Data Protection
3.7,Establish and Maintain a Data Classification Scheme,Data Protection
3.8,Document Data Flows,Data Protection
3.9,Encrypt Data on Removable Media,Data Protection
3.10,Encrypt Sensitive Data in Transit,Data Protection
3.11,Encrypt Sensitive Data At Rest,Data Protection
3.12,Segment Data Processing and Storage Based on Sensitivity,Data Protection
3.13,Deploy a Data Loss Prevention Solution,Data Protection
3.14,Log Sensitive Data Access,Data Protection
4.1,Establish and Maintain a Secure Configuration Process,Secure Configuration of Enterprise Assets and Software
4.2,Establish and Maintain a Secure Configuration Process for Network Infrastructure,Secure Configuration of Enterprise Assets and Software
4.3,Configure Automatic Session Locking on Enterprise Assets,Secure Configuration of Enterprise Assets and Software
4.4,Implement and Manage a Firewall on Servers,Secure Configuration of Enterprise Assets and Software
4.5,Implement and Manage a Firewall on End-User Devices,Secure Configuration of Enterprise Assets and Software
4.6,Securely Manage Enterprise Assets and Software,Secure Configuration of Enterprise Assets and Software
4.7,Manage Default Accounts on Enterprise Assets and Software,Secure Configuration of Enterprise Assets and Software
4.8,Uninstall or Disable Unnecessary Services on Enterprise Assets and Applications,Secure Configuration of Enterprise Assets and Software
4.9,Configure Trusted Domain Name System (DNS) Servers on Enterprise Assets,Secure Configuration of Enterprise Assets and Software
4.10,Enforce Automatic Device Lockout on Portable End-User Devices,Secure Configuration of Enterprise Assets and Software
4.11,Enforce Remote Wipe Capability on Portable End-User Devices,Secure Configuration of Enterprise Assets and Software
4.12,Separate Enterprise Workspaces on Mobile End-User Devices,Secure Configuration of Enterprise Assets and Software
5.1,Establish and Maintain an Inventory of Accounts,Account Management
5.2,Use Unique Passwords,Account Management
5.3,Disable Dormant Accounts,Account Management
5.4,Restrict Administrator Privileges to Dedicated Administrator Accounts,Account Management
5.5,Establish and Maintain an Inventory of Service Accounts,Account Management
5.6,Centralize Account Management,Account Management
6.1,Establish an Access Granting Process,Access Control Management
6.2,Establish an Access Revoking Process,Access Control Management
6.3,Require MFA for Externally-Exposed Applications,Access Control Management
6.4,Require MFA for Remote Network Access,Access Control Management
6.5,Require MFA for Administrative Access,Access Control Management
6.6,Establish and Maintain an Inventory of Authentication and Authorization Systems,Access Control Management
6.7,Centralize Access Control,Access Control Management
6.8,Define and Maintain Role-Based Access Control,Access Control Management
7.1,Establish and Maintain a Vulnerability Management Process,Continuous Vulnerability Management
7.2,Establish and Maintain a Remediation Process,Continuous Vulnerability Management
7.3,Perform Automated Operating System Patch Management,Continuous Vulnerability Management
7.4,Perform Automated Application Patch Management,Continuous Vulnerability Management
7.5,Perform Automated Vulnerability Scans of Internal Enterprise Assets,Continuous Vulnerability Management
7.6,Perform Automated Vulnerability Scans of Externally-Exposed Enterprise Assets,Continuous Vulnerability Management
7.7,Remediate Detected Vulnerabilities,Continuous Vulnerability Management
8.1,Establish and Maintain an Audit Log Management Process,Audit Log Management
8.2,Collect Audit Logs,Audit Log Management
8.3,Ensure Adequate Audit Log Storage,Audit Log Management
8.4,Standardize Time Synchronization,Audit Log Management
8.5,Collect Detailed Audit Logs,Audit Log Management
8.6,Collect DNS Query Audit Logs,Audit Log Management
8.7,Collect URL Request Audit Logs,Audit Log Management
8.8,Collect Command-Line Audit Logs,Audit Log Management
8.9,Centralize Audit Logs,Audit Log Management
8.10,Retain Audit Logs,Audit Log Management
8.11,Conduct Audit Log Reviews,Audit Log Management
8.12,Collect Service Provider Logs,Audit Log Management
9.1,Ensure Use of Only Fully Supported Browsers and Email Clients,Email and Web Browser Protections
9.2,Use DNS Filtering Services,Email and Web Browser Protections
9.3,Maintain and Enforce Network-Based URL Filters,Email and Web Browser Protections
9.4,Restrict Unnecessary or Unauthorized Browser and Email Client Extensions,Email and Web Browser Protections
9.5,Implement DMARC,Email and Web Browser Protections
9.6,Block Unnecessary File Types,Email and Web Browser Protections
9.7,Deploy and Maintain Email Server Anti-Malware Protections,Email and Web Browser Protections
10.1,Deploy and Maintain Anti-Malware Software,Malware Defenses
10.2,Configure Automatic Anti-Malware Signature Updates,Malware Defenses
10.3,Disable Autorun and Autoplay for Removable Media,Malware Defenses
10.4,Configure Automatic Anti-Malware Scanning of Removable Media,Malware Defenses
10.5,Enable Anti-Exploitation Features,Malware Defenses
10.6,Centrally Manage Anti-Malware Software,Malware Defenses
10.7,Use Behavior-Based Anti-Malware Software,Malware Defenses
11.1,Establish and Maintain a Data Recovery Process,Data Recovery
11.2,Perform Automated Backups,Data Recovery
11.3,Protect Recovery Data,Data Recovery
11.4,Establish and Maintain an Isolated Instance of Recovery Data,Data Recovery
11.5,Test Data Recovery,Data Recovery
12.1,Ensure Network Infrastructure is Up-to-Date,Network Infrastructure Management
12.2,Establish and Maintain a Secure Network Architecture,Network Infrastructure Management
12.3,Securely Manage Network Infrastructure,Network Infrastructure Management
12.4,Establish and Maintain Architecture Diagram(s),Network Infrastructure Management
12.5,"Centralize Network Authentication, Authorization, and Auditing (AAA)",Network Infrastructure Management
12.6,Use of Secure Network Management and Communication Protocols,Network Infrastructure Management
12.7,Ensure Remote Devices Utilize a VPN and are Connecting to an Enterprise’s AAA Infrastructure,Network Infrastructure Management
12.8,Establish and Maintain Dedicated Computing Resources For All Administrative Work,Network Infrastructure Management
13.1,Centralize Security Event Alerting,Network Monitoring and Defense
13.2,Deploy a Host-Based Intrusion Detection Solution,Network Monitoring and Defense
13.3,Deploy a Network Intrusion Detection Solution,Network Monitoring and Defense
13.4,Perform Traffic Filtering Between Network Segments,Network Monitoring and Defense
13.5,Manage Access Control for Remote Assets,Network Monitoring and Defense
13.6,Collect Network Traffic Flow Logs,Network Monitoring and Defense
13.7,Deploy a Host-Based Intrusion Prevention Solution,Network Monitoring and Defense
13.8,Deploy a Network Intrusion Prevention Solution,Network Monitoring and Defense
13.9,Deploy Port-Level Access Control,Network Monitoring and Defense
13.10,Perform Application Layer Filtering,Network Monitoring and Defense
13.11,Tune Security Event Alerting Thresholds,Network Monitoring and Defense
14.1,Establish and Maintain a Security Awareness Program,Security Awareness and Skills Training
14.2,Train Workforce Members to Recognize Social Engineering Attacks,Security Awareness and Skills Training
14.3,Train Workforce Members on Authentication Best Practices,Security Awareness and Skills Training
14.4,Train Workforce on Data Handling Best Practices,Security Awareness and Skills Training
14.5,Train Workforce Members on Causes of Unintentional Data Exposure,Security Awareness and Skills Training
14.6,Train Workforce Members on Recognizing and Reporting Security Incidents,Security Awareness and Skills Training
14.7,Train Workforce on How to Identify and Report if their Enterprise Assets are Missing Security Updates,Security Awareness and Skills Training
14.8,Train Workforce on the Dangers of Connecting to and Transmitting Enterprise Data Over Insecure Networks,Security Awareness and Skills Training
14.9,Conduct Role-Specific Security Awareness and Skills Training,Security Awareness and Skills Training
15.1,Establish and Maintain an Inventory of Service Providers,Service Provider Management
15.2,Establish and Maintain a Service Provider Management Policy,Service Provider Management
15.3,Classify Service Providers,Service Provider Management
15.4,Ensure Service Provider Contracts Include Security Requirements,Service Provider Management
15.5,Assess Service Providers,Service Provider Management
15.6,Monitor Service Providers,Service Provider Management
15.7,Securely Decommission Service Providers,Service Provider Management
16.1,Establish and Maintain a Secure Application Development Process,Application Software Security
16.2,Establish and Maintain a Process to Accept and Address Software Vulnerabilities,Application Software Security
16.3,Perform Root Cause Analysis on Security Vulnerabilities,Application Software Security
16.4,Establish and Manage an Inventory of Third-Party Software Components,Application Software Security
16.5,Use Up-to-Date and Trusted Third-Party Software Components,Application Software Security
16.6,Establish and Maintain a Severity Rating System and Process for Application Vulnerabilities,Application Software Security
16.7,Use Standard Hardening Configuration Templates for Application Infrastructure,Application Software Security
16.8,Separate Production and Non-Production Systems,Application Software Security
16.9,Train Developers in Application Security Concepts and Secure Coding,Application Software Security
16.10,Apply Secure Design Principles in Application Architectures,Application Software Security
16.11,Leverage Vetted Modules or Services for Application Security Components,Application Software Security
16.12,Implement Code-Level Security Checks,Application Software Security
16.13,Conduct Application Penetration Testing,Application Software Security
16.14,Conduct Threat Modeling,Application Software Security
17.1,Designate Personnel to Manage Incident Handling,Incident Response Management
17.2,Establish and Maintain Contact Information for Reporting Security Incidents,Incident Response Management
17.3,Establish and Maintain an Enterprise Process for Reporting Incidents,Incident Response Management
17.4,Establish and Maintain an Incident Response Process,Incident Response Management
17.5,Assign Key Roles and Responsibilities,Incident Response Management
17.6,Define Mechanisms for Communicating During Incident Response,Incident Response Management
17.7,Conduct Routine Incident Response Exercises,Incident Response Management
17.8,Conduct Post-Incident Reviews,Incident Response Management
17.9,Establish and Maintain Security Incident Thresholds,Incident Response Management
18.1,Establish and Maintain a Penetration Testing Program,Penetration Testing
18.2,Perform Periodic External Penetration Tests,Penetration Testing
18.3,Remediate Penetration Test Findings,Penetration Testing
18.4,Validate Security Measures,Penetration Testing
18.5,Perform Periodic Internal Penetration Tests,Penetration Testing