CIS Controls Implementation Group 1 (43 Sub-controls)
| CIS Sub-control | Asset Type | Title | Description |
|---|---|---|---|
| 1.4 | Devices | Maintain Detailed Asset Inventory | Maintain an accurate and up-to-date inventory of all technology assets with the potential to store or process information. This inventory shall include all hardware assets, whether connected to the organization's network or not. |
| 1.6 | Devices | Address Unauthorized Assets | Ensure that unauthorized assets are either removed from the network, quarantined, or the inventory is updated in a timely manner. |
| 2.1 | Applications | Maintain Inventory of Authorized Software | Maintain an up-to-date list of all authorized software that is required in the enterprise for any business purpose on any business system. |
| 2.2 | Applications | Ensure Software is Supported by Vendor | Ensure that only software applications or operating systems currently supported by the software's vendor are added to the organization's authorized software inventory. Unsupported software should be tagged as unsupported in the inventory system. |
| 2.6 | Applications | Address Unapproved Software | Ensure that unauthorized software is either removed or the inventory is updated in a timely manner. |
| 3.4 | Applications | Deploy Automated Operating System Patch Management Tools | Deploy automated software update tools in order to ensure that the operating systems are running the most recent security updates provided by the software vendor. |
| 3.5 | Applications | Deploy Automated Software Patch Management Tools | Deploy automated software update tools in order to ensure that third-party software on all systems is running the most recent security updates provided by the software vendor. |
| 4.2 | Users | Change Default Passwords | Before deploying any new asset, change all default passwords to have values consistent with administrative-level accounts. |
| 4.3 | Users | Ensure the Use of Dedicated Administrative Accounts | Ensure that all users with administrative account access use a dedicated or secondary account for elevated activities. This account should only be used for administrative activities and not internet browsing, email, or similar activities. |
| 5.1 | Applications | Establish Secure Configurations | Maintain documented, standard security configuration standards for all authorized operating systems and software. |
| 6.2 | Network | Activate Audit Logging | Ensure that local logging has been enabled on all systems and networking devices. |
| 7.1 | Applications | Ensure Use of Only Fully Supported Browsers and Email Clients | Ensure that only fully supported web browsers and email clients are allowed to execute in the organization, ideally only using the latest version of the browsers and email clients provided by the vendor. |
| 7.7 | Network | Use of DNS Filtering Services | Use DNS filtering services to help block access to known malicious domains. |
| 8.2 | Devices | Ensure Anti-Malware Software and Signatures are Updated | Ensure that the organization's anti-malware software updates its scanning engine and signature database on a regular basis. |
| 8.4 | Devices | Configure Anti-Malware Scanning of Removable Devices | Configure devices so that they automatically conduct an anti-malware scan of removable media when inserted or connected. |
| 8.5 | Devices | Configure Devices Not To Auto-Run Content | Configure devices to not auto-run content from removable media. |
| 9.4 | Devices | Apply Host-Based Firewalls or Port Filtering | Apply host-based firewalls or port filtering tools on end systems, with a default-deny rule that drops all traffic except those services and ports that are explicitly allowed. |
| 10.1 | Data | Ensure Regular Automated Backups | Ensure that all system data is automatically backed up on a regular basis. |
| 10.2 | Data | Perform Complete System Backups | Ensure that all of the organization's key systems are backed up as a complete system, through processes such as imaging, to enable the quick recovery of an entire system. |
| 10.4 | Data | Ensure Protection of Backups | Ensure that backups are properly protected via physical security or encryption when they are stored, as well as when they are moved across the network. This includes remote backups and cloud services. |
| 10.5 | Data | Ensure Backups Have at Least One Non-Continuously Addressable Destination | Ensure that all backups have at least one backup destination that is not continuously addressable through operating system calls. |
| 11.4 | Network | Install the Latest Stable Version of Any Security-Related Updates on All Network Devices | Install the latest stable version of any security-related updates on all network devices. |
| 12.1 | Network | Maintain an Inventory of Network Boundaries | Maintain an up-to-date inventory of all of the organization's network boundaries. |
| 12.4 | Network | Deny Communication over Unauthorized Ports | Deny communication over unauthorized TCP or UDP ports or application traffic to ensure that only authorized protocols are allowed to cross the network boundary in or out of the network at each of the organization's network boundaries. |
| 13.1 | Data | Maintain an Inventory of Sensitive Information | Maintain an inventory of all sensitive information stored, processed, or transmitted by the organization's technology systems, including those located on-site or at a remote service provider. |
| 13.2 | Data | Remove Sensitive Data or Systems Not Regularly Accessed by Organization | Remove sensitive data or systems not regularly accessed by the organization from the network. These systems shall only be used as stand-alone systems (disconnected from the network) by the business unit needing to occasionally use the system, or completely virtualized and powered off until needed. |
| 13.6 | Data | Encrypt the Hard Drive of All Mobile Devices | Utilize approved whole-disk encryption software to encrypt the hard drive of all mobile devices. |
| 14.6 | Data | Protect Information through Access Control Lists | Protect all information stored on systems with file system, network share, claims, application, or database specific access control lists. These controls will enforce the principle that only authorized individuals should have access to the information based on their need to access the information as a part of their responsibilities. |
| 15.1 | Network | Create Separate Wireless Network for Personal and Untrusted Devices | Create a separate wireless network for personal or untrusted devices. Enterprise access from this network should be treated as untrusted and filtered and audited accordingly. |
| 15.7 | Network | Leverage the Advanced Encryption Standard (AES) to Encrypt Wireless Data | Leverage the Advanced Encryption Standard (AES) to encrypt wireless data in transit. |
| 16.8 | Users | Disable Any Unassociated Accounts | Disable any account that cannot be associated with a business process or business owner. |
| 16.9 | Users | Disable Dormant Accounts | Automatically disable dormant accounts after a set period of inactivity. |
| 16.11 | Users | Lock Workstation Sessions After Inactivity | Automatically lock workstation sessions after a standard period of inactivity. |
| 17.3 | N/A | Implement a Security Awareness Program | Create a security awareness program for all workforce members to complete on a regular basis to ensure they understand and exhibit the necessary behaviors and skills to help ensure the security of the organization. The organization's security awareness program should be communicated in a continuous and engaging manner. |
| 17.5 | N/A | Train Workforce on Secure Authentication | Train workforce members on the importance of enabling and utilizing secure authentication. |
| 17.6 | N/A | Train Workforce on Identifying Social Engineering Attacks | Train the workforce on how to identify different forms of social engineering attacks, such as phishing, phone scams, and impersonation calls. |
| 17.7 | N/A | Train Workforce on Sensitive Data Handling | Train the workforce on how to identify and properly store, transfer, archive, and destroy sensitive information. |
| 17.8 | N/A | Train Workforce on Causes of Unintentional Data Exposure | Train workforce members to be aware of causes for unintentional data exposures, such as losing their mobile devices or emailing the wrong person due to autocomplete in email. |
| 17.9 | N/A | Train Workforce Members on Identifying and Reporting Incidents | Train employees to be able to identify the most common indicators of an incident and be able to report such an incident. |
| 19.1 | N/A | Document Incident Response Procedures | Ensure that there are written incident response plans that define roles of personnel as well as phases of incident handling/management. |
| 19.3 | N/A | Designate Management Personnel to Support Incident Handling | Designate management personnel, as well as backups, who will support the incident handling process by acting in key decision-making roles. |
| 19.5 | N/A | Maintain Contact Information for Reporting Security Incidents | Assemble and maintain information on third-party contact information to be used to report a security incident, such as law enforcement, relevant government departments, vendors, and ISAC partners. |
| 19.6 | N/A | Publish Information Regarding Reporting Computer Anomalies and Incidents | Publish information for all workforce members regarding reporting computer anomalies and incidents to the incident handling team. Such information should be included in routine employee awareness activities. |