CIS Controls 7.1

Mapa mental do CIS Controls 7.1

Get Started. It's Free
or sign up with your email address
CIS Controls 7.1 by Mind Map: CIS Controls 7.1

1. CIS Center for Internet Security Controls 7.1


2.1. CIS Control 1: Inventory and Control of Hardware Assets

2.1.1. Use DHCP Logging to Update Asset Inventory

2.1.2. Utilize an Active Discovery Tool

2.1.3. Maintain Asset Inventory Information

2.1.4. Use a Passive Asset Discovery Tool

2.1.5. Maintain Detailed Asset Inventory

2.1.6. Utilize Client Certificates to Authenticate Hardware Assets

2.1.7. Deploy Port Level Access Control

2.2. CIS Control 2: Inventory and Control of Software Assets

2.2.1. Maintain Inventory of Authorized Software

2.2.2. Ensure Software is Supported by Vendor

2.2.3. Utilize Software Inventory Tools

2.2.4. Track Software Inventory Information

2.2.5. Integrate Software and Hardware Asset Inventories

2.2.6. Address unapproved software

2.2.7. Utilize Application Whitelisting

2.2.8. Implement Application Whitelisting of Libraries

2.2.9. Implement Application Whitelisting of Scripts

2.2.10. Physically or Logically Segregate High Risk Applications

2.3. CIS Control 3: Continuous Vulnerability Management

2.3.1. Run Automated Vulnerability Scanning Tools

2.3.2. Perform Authenticated Vulnerability Scanning

2.3.3. Protect Dedicated Assessment Accounts

2.3.4. Deploy Automated Operating System Patch Management Tools

2.3.5. Deploy Automated Software Patch Management Tools

2.3.6. Compare Back-to-Back Vulnerability Scans

2.3.7. Utilize a Risk-Rating Process

2.4. CIS Control 4: Controlled Use of Administrative Privileges

2.4.1. Maintain Inventory of Administrative Accounts

2.4.2. Change Default Passwords

2.4.3. Ensure the Use of Dedicated Administrative Accounts

2.4.4. Use Unique Passwords

2.4.5. Use Multi-Factor Authentication for All Administrative Access

2.4.6. Use Dedicated Workstations For All Administrative Tasks

2.4.7. Limit Access to Script Tools

2.4.8. Log and Alert on Changes to Administrative Group Membership

2.4.9. Log and Alert on Unsuccessful Administrative Account Login

2.5. CIS Control 5: Secure Configuration for Hardware and Software on Mobile Devices, Laptops,Workstations and Servers

2.5.1. Establish Secure Configurations

2.5.2. Maintain Secure Images

2.5.3. Securely Store Master Images

2.5.4. Deploy System Configuration Management Tools

2.5.5. Implement Automated Configuration Monitoring Systems

2.6. CIS Control 6: Maintenance, Monitoring and Analysis of Audit Logs

2.6.1. Utilize Three Synchronized Time Sources

2.6.2. Activate Audit Logging

2.6.3. Enable Detailed Logging

2.6.4. Ensure Adequate Storage for Logs

2.6.5. Central Log Management

2.6.6. Deploy SIEM or Log Analytic Tools

2.6.7. Regularly Review Logs

2.6.8. Regularly Tune SIEM


3.1. CIS Control 7: Email and Web Browser Protections

3.1.1. Ensure Use of Only Fully Supported Browsers and Email Clients

3.1.2. Disable Unnecessary or Unauthorized Browser or Email Client Plugins

3.1.3. Limit Use of Scripting Languages in Web Browsers and Email Clients

3.1.4. Maintain and Enforce Network-Based URL Filters

3.1.5. Subscribe to URL-Categorization Service

3.1.6. Log All URL requester

3.1.7. Use of DNS Filtering Services

3.1.8. Implement DMARC and Enable Receiver-Side Verification

3.1.9. Block Unnecessary File Types

3.1.10. Sandbox All Email Attachments

3.2. CIS Control 8: Malware Defenses

3.2.1. Utilize Centrally Managed Anti-malware Software

3.2.2. Ensure Anti-Malware Software and Signatures Are Updated

3.2.3. Enable Operating System Anti-Exploitation Features/Deploy Anti-Exploit Technologies

3.2.4. Configure Anti-Malware Scanning of Removable Devices

3.2.5. Configure Devices to Not Auto-Run Content

3.2.6. Centralize Anti-Malware Logging

3.2.7. Enable DNS Query Logging

3.2.8. Enable Command-Line Audit Logging

3.3. CIS Control 9: Limitation and Control of Network Ports, Protocols, and Services

3.3.1. Associate Active Ports, Services, and Protocols to Asset Inventory

3.3.2. Ensure Only Approved Ports, Protocols, and Services Are Running

3.3.3. Perform Regular Automated Port Scans

3.3.4. Apply Host-Based Firewalls or Port-Filtering

3.3.5. Implement Application Firewalls

3.4. CIS Control 10: Data Recovery Capabilities

3.4.1. Ensure Regular Automated Backups

3.4.2. Perform Complete System Backups

3.4.3. Test Data on Backup Media

3.4.4. Protect Backups

3.4.5. Ensure All Backups Have at Least One Offline Backup Destination

3.5. CI Control 11: Secure Configuration for Network Devices, such as Firewalls, Routers, and Switches

3.5.1. Maintain Standard Security Configurations for Network Devices

3.5.2. Document Traffic Configuration Rules

3.5.3. Use Automated Tools to Verify Standard Device Configurations and Detect Changes

3.5.4. Install the Latest Stable Version of Any Security-Related Updates on All Network Devices

3.5.5. Manage Network Devices Using Multi-Factor Authentication and Encrypted Sessions

3.5.6. Use Dedicated Machines For All Network Administrative Tasks

3.5.7. Manage Network Infrastructure Through a Dedicated Network

3.6. CIS Control 12: Boundary Defense

3.6.1. Scan for Unauthorized Connections Across Trusted Network Boundaries

3.6.2. Deny Communications With Known Malicious IP Addresses

3.6.3. Deny Communication Over Unauthorized Ports

3.6.4. Configure Monitoring Systems to Record Network Packets

3.6.5. Deploy Network-Based IDS Sensors

3.6.6. Deploy Network-Based Intrusion Prevention Systems

3.6.7. Deploy NetFlow Collection on Networking Boundary Devices

3.6.8. Deploy Application Layer Filtering Proxy Server

3.6.9. Decrypt Network Traffic at Proxy

3.6.10. Require All Remote Login to Use Multi-Factor Authentication

3.6.11. Manage All Devices Remotely Logging into Internal Network

3.7. CIS Control 13: Data Protection

3.7.1. Maintain an Inventory of Sensitive Information

3.7.2. Remove Sensitive Data or Systems Not Regularly Accessed by Organization

3.7.3. Monitor and Block Unauthorized Network Traffic

3.7.4. Only Allow Access to Authorized Cloud Storage or Email Providers

3.7.5. Monitor and Detect Any Unauthorized Use of Encryption

3.7.6. Encrypt Mobile Device Data

3.7.7. Manage USB Devices

3.7.8. Manage System's External Removable Media's Read/Write Configurations

3.7.9. Encrypt Data on USB Storage Devices

3.8. CIS Control 14: Controlled Access Based on the Need to Know

3.8.1. Segment the Network Based on Sensitivity

3.8.2. Enable Firewall Filtering Between VLANs

3.8.3. Disable Workstation to Workstation Communication

3.8.4. Encrypt All Sensitive Information in Transit

3.8.5. Utilize an Active Discovery Tool to Identify Sensitive Data

3.8.6. Protect Information Through Access Control Lists

3.8.7. Enforce Access Control to Data Through Automated Tools

3.8.8. Encrypt Sensitive Information at Rest

3.8.9. Enforce Detail Logging for Access or Changes to Sensitive Data

3.9. CIS Control 15: Wireless Access Control

3.9.1. Maintain an Inventory of Authorized Wireless Access Points

3.9.2. Detect Wireless Access Points Connected to the Wired Network

3.9.3. Use a Wireless Intrusion Detection System

3.9.4. Disable Wireless Access on Devices if Not Required

3.9.5. Limit Wireless Access on Client Devices

3.9.6. Disable Peer-to-Peer Wireless Network Capabilities on Wireless Clients

3.9.7. Leverage the Advanced Encryption Standard (AES) to Encrypt Wireless Data

3.9.8. Use Wireless Authentication Protocols That Require Mutual, Multi-Factor Authentication

3.9.9. Disable Wireless Peripheral Access of Devices

3.9.10. Create Separate Wireless Network for Personal and Untrusted Devices

3.10. CIS Control 16: Account Monitoring and Control

3.10.1. Maintain an Inventory of Authentication Systems

3.10.2. Configure Centralized Point of Authentication

3.10.3. Require Multi-Factor Authentication

3.10.4. Encrypt or Hash all Authentication Credentials

3.10.5. Encrypt Transmittal of Username and Authentication Credentials

3.10.6. Maintain an Inventory of Accounts

3.10.7. Establish Process for Revoking Access

3.10.8. Disable Any Unassociated Accounts

3.10.9. Disable Dormant Accounts

3.10.10. Ensure All Accounts Have An Expiration Date

3.10.11. Lock Workstation Sessions After Inactivity

3.10.12. Monitor Attempts to Access Deactivated Accounts

3.10.13. Alert on Account Login Behavior Deviation


4.1. CI Control 18: Application Software Security

4.1.1. Establish Secure Coding Practices

4.1.2. Ensure That Explicit Error Checking is Performed for All In-House Developed Software

4.1.3. Verify That Acquired Software is Still Supported

4.1.4. Only Use Up-to-Date and Trusted Third-Party Components

4.1.5. Use Only Standardized and Extensively Reviewed Encryption Algorithms

4.1.6. Ensure Software Development Personnel are Trained in Secure Coding

4.1.7. Apply Static and Dynamic Code Analysis Tools

4.1.8. Establish a Process to Accept and Address Reports of Software Vulnerabilities

4.1.9. Separate Production and Non-Production Systems

4.1.10. Deploy Web Application Firewalls

4.1.11. Use Standard Hardening Configuration Templates for Databases

4.2. CIS Control 17: Implement a Security Awareness and Training Program

4.2.1. Perform a Skills Gap Analysis

4.2.2. Deliver Training to Fill the Skills Gap

4.2.3. Implement a Security Awareness Program

4.2.4. Update Awareness Content Frequently

4.2.5. Train Workforce on Secure Authentication

4.2.6. Train Workforce on Identifying Social Engineering Attacks

4.2.7. Train Workforce on Sensitive Data Handling

4.2.8. Train Workforce on Causes of Unintentional Data Exposure

4.2.9. Train Workforce Members on Identifying and Reporting Incidents

4.3. CIS Control 19: Incident Response and Management

4.3.1. Document Incident Response Procedures

4.3.2. Assign Job Titles and Duties for Incident Response

4.3.3. Designate Management Personnel to Support Incident Handling

4.3.4. Devise Organization-wide Standards for Reporting Incidents

4.3.5. Maintain Contact Information For Reporting Security Incidents

4.3.6. Conduct Periodic Incident Scenario Sessions for Personnel

4.3.7. Create Incident Scoring and Prioritization Schema

4.3.8. Publish Information Regarding Reporting Computer Anomalies and Incidents

4.4. CIS Control 20: Penetration Tests and Red Team Exercises

4.4.1. Establish a Penetration Testing Program

4.4.2. Conduct Regular External and Internal Penetration Tests

4.4.3. Perform Periodic Red Team Exercises

4.4.4. Include Tests for Presence of Unprotected System Information and Artifacts

4.4.5. Create Test Bed for Elements Not Typically Tested in Production

4.4.6. Use Vulnerability Scanning and Penetration Testing Tools in Concert

4.4.7. Ensure Results from Penetration Test are Documented Using Open, Machine-readable Standards

4.4.8. Control and Monitor Accounts Associated with Penetration Testing