SafeGuards v.1 Flashcards
CIS Control 2: Inventory and Control of Software Assets
Safeguards:
Maintain a current list of all software.
Implement software whitelisting.
Enforce strict controls on software installation.
Implementation Group: All IGs
Function: Identify, Protect
CIS Control 1: Inventory and Control of Hardware Assets
Safeguards:
Keep an up-to-date list of all hardware devices.
Use automated tools to track hardware inventory.
Restrict access to hardware assets.
Implementation Group: All IGs
Function: Identify, Protect
CIS Control 3: Continuous Vulnerability Management
Safeguards:
Regularly scan for vulnerabilities.
Establish a patch management process.
Monitor vulnerability reports.
Implementation Group: All IGs
Function: Detect, Respond
CIS Control 4: Controlled Use of Administrative Privileges
Safeguards:
Follow least privilege principles.
Use multi-factor authentication for admins.
Log and monitor admin activities.
Implementation Group: All IGs
Function: Protect, Detect
CIS Control 5: Secure Configuration for Hardware and Software on Mobile Devices, Laptops, Workstations, and Servers
Safeguards:
Develop standard security configurations.
Regularly audit and enforce configurations.
Apply security patches promptly.
Implementation Group: All IGs
Function: Protect, Detect
CIS Control 6: Maintenance, Monitoring, and Analysis of Audit Logs
Safeguards:
Enable audit logging on all systems.
Centralize log management.
Regularly review logs for suspicious activities.
Implementation Group: All IGs
Function: Detect, Respond
CIS Control 7: Email and Web Browser Protections
Safeguards:
Implement email filtering.
Train users on identifying phishing attempts.
Use web content filtering.
Implementation Group: All IGs
Function: Protect, Detect
CIS Control 8: Malware Defenses
Safeguards:
Deploy anti-malware software.
Use application whitelisting.
Sandbox suspicious files.
Implementation Group: All IGs
Function: Protect, Detect
CIS Control 9: Limitation and Control of Network Ports, Protocols, and Services
Safeguards:
Disable unnecessary ports and services.
Implement network segmentation.
Use firewalls to control traffic.
Implementation Group: All IGs
Function: Protect, Detect
CIS Control 10: Data Recovery Capability
Safeguards:
Perform regular data backups.
Test backup and recovery procedures.
Store backups securely offsite.
Implementation Group: All IGs
Function: Recover
CIS Control 11: Secure Configuration for Network Devices, such as Firewalls, Routers, and Switches
Safeguards:
Apply firmware updates regularly.
Disable unused services and interfaces.
Use strong authentication for device access.
Implementation Group: All IGs
Function: Protect, Detect
CIS Control 12: Boundary Defense
Safeguards:
Use intrusion detection/prevention systems.
Configure firewalls to filter traffic.
Monitor network traffic for anomalies.
Implementation Group: All IGs
Function: Protect, Detect
CIS Control 13: Data Protection
Safeguards:
Encrypt sensitive data.
Implement data loss prevention solutions.
Enforce strict access controls.
Implementation Group: All IGs
Function: Protect, Detect
CIS Control 14: Controlled Access Based on the Need to Know
Safeguards:
Implement role-based access controls.
Regularly review access permissions.
Enforce least privilege.
Implementation Group: All IGs
Function: Protect, Detect
CIS Control 15: Wireless Access Control
Safeguards:
Use strong encryption for wireless networks.
Regularly scan for rogue access points.
Enforce authentication for wireless access.
Implementation Group: All IGs
Function: Protect, Detect