CIS v8.1 Safeguards (Sub-Controls)

| Safeguard | Title |
|---|---|
| 3.1 | Establish and Maintain Inventory of Enterprise Assets |
| 3.3 | Manage Assets |
| 5.1 | Establish and Maintain a Secure Configuration Process |
| 5.3 | Securely Configure Enterprise Assets and Software |
| 8.1 | Establish and Maintain a Vulnerability Management Process |
| 9.2 | Deploy and Maintain Anti-Malware Software |
| 10.8 | Perform and Test Data Backups |
| 15.1 | Develop an Incident Response Plan |
| 3.4 | Manage Sensitive Assets |
| 4.1 | Establish and Maintain a Secure Access Control Policy and Procedures |
| 4.2 | Implement and Manage Multi-Factor Authentication for Enterprise Accounts |
| 6.3 | Implement and Manage Network Segmentation |
| 7.1 | Establish and Maintain a Data Management Process |
| 7.2 | Implement and Enforce Data Retention |
| 7.3 | Implement Data Loss Prevention (DLP) |
| 12.5 | Enforce Encryption of Data-at-Rest |
| 12.6 | Enforce Encryption of Data-in-Transit |
| 4.3 | Manage Privileged Access |
| 4.4 | Manage Service Accounts |
| 4.6 | Manage External Accounts |
| 14.5 | Establish and Maintain an Audit Log Review and Analysis Process |
| 16.1 | Conduct Security Awareness and Skills Training |
| 3.6 | Establish and Maintain an Inventory of Non-Enterprise Assets |
| 13.1 | Establish and Maintain a Security Awareness Program |
| 18.1 | Establish and Maintain a Penetration Testing Program |
| 19.1 | Establish and Maintain an Incident Response Plan |
| 20.1 | Establish and Maintain a Business Continuity Plan |
| 16.2 | Train Workforce Members on Social Engineering Attacks |
| 19.8 | Perform Post-Incident Reviews |
| 1.1 | Establish and Maintain Enterprise Governance |
| 1.2 | Establish and Maintain Enterprise Security Policies |
| 1.3 | Establish and Maintain Enterprise Agreements |
| 2.1 | Establish and Maintain an Inventory of Authorized Software |
| 10.9 | Perform Off-Site Backups |
| 10.10 | Securely Store Backups |
| 11.1 | Implement and Manage Email Protections |
| 17.1 | Implement Physical Access Controls |
| 17.2 | Monitor Physical Environment |
| 6.1 | Establish and Maintain a Baseline Configuration of Network Devices |
| 6.4 | Implement and Manage Network Infrastructure Device Hardening |
| 6.5 | Implement and Manage Distributed Denial of Service (DDoS) Mitigation Techniques |
| 14.1 | Establish and Maintain a Security Logging and Monitoring Process |
| 8.2 | Remediate Vulnerabilities Based on Risk |
| 8.3 | Verify Application of Security Patches |
| 3.2 | Utilize an Automated Asset Discovery Tool |
| 13.5 | Manage Supplier Access |
| 13.6 | Monitor Supplier Security |
| 3.5 | Manage Enterprise Assets Connected to the Enterprise Network Remotely |
| 4.5 | Manage Mobile Devices |
| 5.4 | Securely Configure Cloud Infrastructure |
| 5.5 | Securely Configure Cloud Workloads |
| 6.2 | Establish and Maintain a Baseline Configuration of Endpoints |
| 4.7 | Enforce Account Password Requirements |
| 4.8 | Enforce Multi-Factor Authentication for All Users |
| 16.4 | Establish and Maintain a Role-Based Security Training Program |
| 16.5 | Conduct Skills Gap Assessments |
| 17.3 | Plan and Implement Environmental Protections |
| 5.6 | Securely Configure Industrial Control Systems (ICS) |
| 6.6 | Implement and Manage Network Segmentation for ICS |
| 1.5 | Conduct Periodic Security Risk Assessments |
| 14.7 | Conduct Security Controls Testing and Validation |
| 15.4 | Establish and Maintain a Security Architecture |
| 1.4 | Establish and Maintain a Threat Intelligence Program |
| 2.2 | Utilize Standard Security Configurations for Enterprise Software and Hardware |
| 8.4 | Perform Application Security Testing |
| 12.1 | Establish and Maintain a Software Development Life Cycle (SDLC) |
| 9.1 | Establish and Maintain a Software Allow List |
| 11.2 | Implement and Manage Web Browser Protections |
| 6.7 | Implement and Manage Domain Name System (DNS) Security |
| 12.7 | Plan and Implement Cryptographic Key Management |
| 7.4 | Securely Dispose of Assets |
| 12.2 | Secure Software via Secure Coding Practices |
| 6.8 | Secure Wireless Access Points |
| 4.9 | Manage Access to Enterprise Applications |
| 11.3 | Implement and Manage Endpoint Protections |
| 12.6 | Enforce Encryption of Data-in-Transit |
| 14.2 | Integrate Threat Intelligence into Security Monitoring |
| 14.3 | Establish and Maintain Alerting and Escalation Processes |
| 19.2 | Establish and Maintain an Incident Response Team |
| 19.3 | Develop and Conduct Incident Response Exercises |
| 5.2 | Implement and Manage a Change Management Process |
| 5.7 | Securely Configure Containers |
| 12.3 | Manage Credentials |
| 16.3 | Establish and Maintain a Security Skills Development Program |
| 9.3 | Implement and Manage Endpoint Detection and Response (EDR) |
| 13.3 | Implement and Manage Secure Software Supply Chain Practices |
| 12.4 | Implement and Manage Security for Software Applications |
| 13.4 | Implement and Manage Secure Hardware Supply Chain Practices |