CIS Critical Security Controls v8.1 (The 18 CIS CSC)
Framework
https://www.cisecurity.org/controls/v8-1
Alternative name: The 18 CIS Critical Security Controls
The previous version was called the SANS Top 20.
List of requirements
1.4 Use Dynamic Host Configuration Protocol (DHCP) Logging to Update Enterprise Asset Inventory
Use DHCP logging on all DHCP servers or Internet Protocol (IP) address management tools to update the enterprise's asset inventory. Review and use logs to update the enterprise's asset inventory weekly, or more frequently.
Required for Implementation Groups 2, 3
2.6 Allowlist Authorized Libraries
Use technical controls to ensure that only authorized software libraries, such as specific .dll, .ocx, and .so files, are allowed to load into a system process. Block unauthorized libraries from loading into a system process. Reassess bi-annually, or more frequently.
Required for Implementation Groups 2, 3
2.7 Allowlist Authorized Scripts
Use technical controls, such as digital signatures and version control, to ensure that only authorized scripts, such as specific .ps1 and .py files, are allowed to execute. Block unauthorized scripts from executing. Reassess bi-annually, or more frequently.
Required for Implementation Group 3
3.2 Establish and Maintain a Data Inventory
Establish and maintain a data inventory based on the enterprise's data management process. Inventory sensitive data, at a minimum. Review and update the inventory annually, at a minimum, with a priority on sensitive data.
Required for Implementation Groups 1, 2, 3
3.4 Enforce Data Retention
Retain data according to the enterprise's documented data management process. Data retention must include both minimum and maximum timelines.
Required for Implementation Groups 1, 2, 3
3.8 Document Data Flows
Document data flows. Data flow documentation includes service provider data flows and should be based on the enterprise's data management process. Review and update documentation annually, or when significant enterprise changes occur that could impact this Safeguard.
Required for Implementation Groups 2, 3
3.9 Encrypt Data on Removable Media
Encrypt data on removable media.
Required for Implementation Groups 2, 3
3.13 Deploy a Data Loss Prevention Solution
Implement an automated tool, such as a host-based Data Loss Prevention (DLP) tool, to identify all sensitive data stored, processed, or transmitted through enterprise assets, including those located onsite or at a remote service provider, and update the enterprise's data inventory.
Required for Implementation Group 3
3.14 Log Sensitive Data Access
Log sensitive data access, including modification and disposal.
Required for Implementation Group 3
4.2 Establish and Maintain a Secure Configuration Process for Network Infrastructure
Establish and maintain a documented secure configuration process for network devices. Review and update documentation annually, or when significant enterprise changes occur that could impact this Safeguard.
Required for Implementation Groups 1, 2, 3
4.3 Configure Automatic Session Locking on Enterprise Assets
Configure automatic session locking on enterprise assets after a defined period of inactivity. For general purpose operating systems, the period must not exceed 15 minutes. For mobile end-user devices, the period must not exceed 2 minutes.
Required for Implementation Groups 1, 2, 3
4.7 Manage Default Accounts on Enterprise Assets and Software
Manage default accounts on enterprise assets and software, such as root, administrator, and other pre-configured vendor accounts. Example implementations can include disabling default accounts or making them unusable.
Required for Implementation Groups 1, 2, 3
4.9 Configure Trusted DNS Servers on Enterprise Assets
Configure trusted DNS servers on network infrastructure. Example implementations include configuring network devices to use enterprise-controlled DNS servers and/or reputable externally accessible DNS servers.
Required for Implementation Groups 2, 3
4.12 Separate Enterprise Workspaces on Mobile End-User Devices
Ensure separate enterprise workspaces are used on mobile end-user devices, where supported. Example implementations include using an Apple® Configuration Profile or Android™ Work Profile to separate enterprise applications and data from personal applications and data.
Required for Implementation Group 3
5.2 Use Unique Passwords
Use unique passwords for all enterprise assets. Best practice implementation includes, at a minimum, an 8-character password for accounts using Multi-Factor Authentication (MFA) and a 14-character password for accounts not using MFA.
Required for Implementation Groups 1, 2, 3
5.3 Disable Dormant Accounts
Delete or disable any dormant accounts after a period of 45 days of inactivity, where supported.
Required for Implementation Groups 1, 2, 3
5.4 Restrict Administrator Privileges to Dedicated Administrator Accounts
Restrict administrator privileges to dedicated administrator accounts on enterprise assets. Conduct general computing activities, such as internet browsing, email, and productivity suite use, from the user's primary, non-privileged account.
Required for Implementation Groups 1, 2, 3
5.5 Establish and Maintain an Inventory of Service Accounts
Establish and maintain an inventory of service accounts. The inventory, at a minimum, must contain department owner, review date, and purpose. Perform service account reviews to validate that all active accounts are authorized, on a recurring schedule, at a minimum quarterly, or more frequently.
Required for Implementation Groups 2, 3
5.6 Centralize Account Management
Centralize account management through a directory or identity service.
Required for Implementation Groups 2, 3
6.2 Establish an Access Revoking Process
Establish and follow a documented process, preferably automated, for revoking access to enterprise assets, through disabling accounts immediately upon termination, rights revocation, or role change of a user. Disabling accounts, instead of deleting accounts, may be necessary to preserve audit trails.
Required for Implementation Groups 1, 2, 3
6.3 Require MFA for Externally-Exposed Applications
Require all externally-exposed enterprise or third-party applications to enforce MFA, where supported. Enforcing MFA through a directory service or SSO provider is a satisfactory implementation of this Safeguard.
Required for Implementation Groups 1, 2, 3
6.4 Require MFA for Remote Network Access
Require MFA for remote network access.
Required for Implementation Groups 1, 2, 3
6.6 Establish and Maintain an Inventory of Authentication and Authorization Systems
Establish and maintain an inventory of the enterprise's authentication and authorization systems, including those hosted on-site or at a remote service provider. Review and update the inventory, at a minimum, annually, or more frequently.
Required for Implementation Groups 2, 3
6.7 Centralize Access Control
Centralize access control for all enterprise assets through a directory service or SSO provider, where supported.
Required for Implementation Groups 2, 3
7.1 Establish and Maintain a Vulnerability Management Process
Establish and maintain a documented vulnerability management process for enterprise assets. Review and update documentation annually, or when significant enterprise changes occur that could impact this Safeguard.
Required for Implementation Groups 1, 2, 3
7.6 Perform Automated Vulnerability Scans of Externally-Exposed Enterprise Assets
Perform automated vulnerability scans of externally-exposed enterprise assets using a SCAP-compliant vulnerability scanning tool. Perform scans on a monthly, or more frequent, basis.
Required for Implementation Groups 2, 3
8.2 Collect Audit Logs
Collect audit logs. Ensure that logging, per the enterprise's audit log management process, has been enabled across enterprise assets.
Required for Implementation Groups 1, 2, 3
8.3 Ensure Adequate Audit Log Storage
Ensure that logging destinations maintain adequate storage to comply with the enterprise's audit log management process.
Required for Implementation Groups 1, 2, 3
8.4 Standardize Time Synchronization
Standardize time synchronization. Configure at least two synchronized time sources across enterprise assets, where supported.
Required for Implementation Groups 2, 3
8.5 Collect Detailed Audit Logs
Configure detailed audit logging for enterprise assets containing sensitive data. Include event source, date, username, timestamp, source addresses, destination addresses, and other useful elements that could assist in a forensic investigation.
Required for Implementation Groups 2, 3
8.6 Collect DNS Query Audit Logs
Collect DNS query audit logs on enterprise assets, where appropriate and supported.
Required for Implementation Groups 2, 3
8.7 Collect URL Request Audit Logs
Collect URL request audit logs on enterprise assets, where appropriate and supported.
Required for Implementation Groups 2, 3
8.9 Centralize Audit Logs
Centralize, to the extent possible, audit log collection and retention across enterprise assets in accordance with the documented audit log management process. Example implementations include leveraging a SIEM tool to centralize multiple log sources.
Required for Implementation Groups 2, 3
8.10 Retain Audit Logs
Retain audit logs across enterprise assets for a minimum of 90 days.
Required for Implementation Groups 2, 3
9.2 Use DNS Filtering Services
Use DNS filtering services on all end-user devices, including remote and on-premises assets, to block access to known malicious domains.
Required for Implementation Groups 1, 2, 3
9.3 Maintain and Enforce Network-Based URL Filters
Enforce and update network-based URL filters to limit an enterprise asset from connecting to potentially malicious or unapproved websites. Example implementations include category-based filtering, reputation-based filtering, or the use of block lists. Enforce filters for all enterprise assets.
Required for Implementation Groups 2, 3
9.6 Block Unnecessary File Types
Block unnecessary file types attempting to enter the enterprise's email gateway.
Required for Implementation Groups 2, 3
10.1 Deploy and Maintain Anti-Malware Software
Deploy and maintain anti-malware software on all enterprise assets.
Required for Implementation Groups 1, 2, 3
10.2 Configure Automatic Anti-Malware Signature Updates
Configure automatic updates for anti-malware signature files on all enterprise assets.
Required for Implementation Groups 1, 2, 3
10.3 Disable Autorun and Autoplay for Removable Media
Disable autorun and autoplay auto-execute functionality for removable media.
Required for Implementation Groups 1, 2, 3
10.4 Configure Automatic Anti-Malware Scanning of Removable Media
Configure anti-malware software to automatically scan removable media.
Required for Implementation Groups 2, 3
10.5 Enable Anti-Exploitation Features
Enable anti-exploitation features on enterprise assets and software, where possible, such as Microsoft® Data Execution Prevention (DEP), Windows® Defender Exploit Guard (WDEG), or Apple® System Integrity Protection (SIP) and Gatekeeper™.
Required for Implementation Groups 2, 3
10.6 Centrally Manage Anti-Malware Software
Centrally manage anti-malware software.
Required for Implementation Groups 2, 3
10.7 Use Behavior-Based Anti-Malware Software
Use behavior-based anti-malware software.
Required for Implementation Groups 2, 3
11.1 Establish and Maintain a Data Recovery Process
Establish and maintain a documented data recovery process. In the process, address the scope of data recovery activities, recovery prioritization, and the security of backup data. Review and update documentation annually, or when significant enterprise changes occur that could impact this Safeguard.
Required for Implementation Groups 1, 2, 3
11.2 Perform Automated Backups
Perform automated backups of in-scope enterprise assets. Run backups weekly, or more frequently, based on the sensitivity of the data.
Required for Implementation Groups 1, 2, 3
11.3 Protect Recovery Data
Protect recovery data with controls equivalent to those on the original data. Reference encryption or data separation, based on requirements.
Required for Implementation Groups 1, 2, 3
11.5 Test Data Recovery
Test backup recovery quarterly, or more frequently, for a sampling of in-scope enterprise assets.
Required for Implementation Groups 2, 3
12.1 Ensure Network Infrastructure is Up-to-Date
Ensure network infrastructure is kept up-to-date. Example implementations include running the latest stable release of software and/or using currently supported network as a service (NaaS) offerings. Review software versions monthly, or more frequently, to verify software support.
Required for Implementation Groups 1, 2, 3
12.2 Establish and Maintain a Secure Network Architecture
Design and maintain a secure network architecture. A secure network architecture must address segmentation, least privilege, and availability, at a minimum. Example implementations may include documentation, policy, and design components.
Required for Implementation Groups 2, 3
12.4 Establish and Maintain Architecture Diagram(s)
Establish and maintain architecture diagram(s) and/or other network system documentation. Review and update documentation annually, or when significant enterprise changes occur that could impact this Safeguard.
Required for Implementation Groups 2, 3
12.5 Centralize Network Authentication, Authorization, and Auditing (AAA)
Centralize network AAA.
Required for Implementation Groups 2, 3
13.1 Centralize Security Event Alerting
Centralize security event alerting across enterprise assets for log correlation and analysis. Best practice implementation requires the use of a SIEM, which includes vendor-defined event correlation alerts. A log analytics platform configured with security-relevant correlation alerts also satisfies this Safeguard.
Required for Implementation Groups 2, 3
13.2 Deploy a Host-Based Intrusion Detection Solution
Deploy a host-based intrusion detection solution on enterprise assets, where appropriate and/or supported.
Required for Implementation Groups 2, 3
13.3 Deploy a Network Intrusion Detection Solution
Deploy a network intrusion detection solution on enterprise assets, where appropriate. Example implementations include the use of a Network Intrusion Detection System (NIDS) or an equivalent cloud service provider (CSP) service.
Required for Implementation Groups 2, 3
13.4 Perform Traffic Filtering Between Network Segments
Perform traffic filtering between network segments, where appropriate.
Required for Implementation Groups 2, 3
13.6 Collect Network Traffic Flow Logs
Collect network traffic flow logs and/or network traffic from network devices to review and alert upon.
Required for Implementation Groups 2, 3
13.7 Deploy a Host-Based Intrusion Prevention Solution
Deploy a host-based intrusion prevention solution on enterprise assets, where appropriate and/or supported. Example implementations include use of an Endpoint Detection and Response (EDR) client or a host-based IPS agent.
Required for Implementation Group 3
13.11 Tune Security Event Alerting Thresholds
Tune security event alerting thresholds monthly, or more frequently.
Required for Implementation Group 3
14.5 Train Workforce Members on Causes of Unintentional Data Exposure
Train workforce members to be aware of causes of unintentional data exposure. Example topics include mis-delivery of sensitive data, losing a portable end-user device, or publishing data to unintended audiences.
Required for Implementation Groups 1, 2, 3
14.7 Train Workforce on How to Identify and Report if Their Enterprise Assets are Missing Security Updates
Train the workforce to understand how to verify and report out-of-date software patches or any failures in automated processes and tools. Part of this training should include notifying IT personnel of any failures in automated processes and tools.
Required for Implementation Groups 1, 2, 3
14.8 Train Workforce on the Dangers of Connecting to and Transmitting Enterprise Data Over Insecure Networks
Train workforce members on the dangers of connecting to, and transmitting data over, insecure networks for enterprise activities. If the enterprise has remote workers, training must include guidance to ensure that all users securely configure their home network infrastructure.
Required for Implementation Groups 1, 2, 3
14.9 Conduct Role-Specific Security Awareness and Skills Training
Conduct role-specific security awareness and skills training. Example implementations include secure system administration courses for IT professionals, OWASP® Top 10 vulnerability awareness and prevention training for web application developers, and advanced social engineering awareness training for high-profile roles.
Required for Implementation Groups 1, 2, 3
15.1 Establish and Maintain an Inventory of Service Providers
Establish and maintain an inventory of service providers. The inventory is to list all known service providers, include classification(s), and designate an enterprise contact for each service provider. Review and update the inventory annually, or when significant enterprise changes occur that could impact this Safeguard.
Required for Implementation Groups 1, 2, 3
15.2 Establish and Maintain a Service Provider Management Policy
Establish and maintain a service provider management policy. Ensure the policy addresses the classification, inventory, assessment, monitoring, and decommissioning of service providers. Review and update the policy annually, or when significant enterprise changes occur that could impact this Safeguard.
Required for Implementation Groups 2, 3
15.6 Monitor Service Providers
Monitor service providers consistent with the enterprise's service provider management policy. Monitoring may include periodic reassessment of service provider compliance, monitoring service provider release notes, and dark web monitoring.
Required for Implementation Group 3
16.3 Perform Root Cause Analysis on Security Vulnerabilities
Perform root cause analysis on security vulnerabilities. When reviewing vulnerabilities, root cause analysis is the task of evaluating the underlying issues that create vulnerabilities in code, and it allows development teams to move beyond just fixing individual vulnerabilities as they arise.
Required for Implementation Groups 2, 3
16.5 Use Up-to-Date and Trusted Third-Party Software Components
Use up-to-date and trusted third-party software components. When possible, choose established and proven frameworks and libraries that provide adequate security. Acquire these components from trusted sources or evaluate the software for vulnerabilities before use.
Required for Implementation Groups 2, 3
16.8 Separate Production and Non-Production Systems
Maintain separate environments for production and non-production systems.
Required for Implementation Groups 2, 3
17.4 Establish and Maintain an Incident Response Process
Establish and maintain a documented incident response process that addresses roles and responsibilities, compliance requirements, and a communication plan. Review annually, or when significant enterprise changes occur that could impact this Safeguard.
Required for Implementation Groups 2, 3
17.5 Assign Key Roles and Responsibilities
Assign key roles and responsibilities for incident response, including staff from incident responders, analysts, and relevant third parties. Review annually, or when significant enterprise changes occur that could impact this Safeguard.
Required for Implementation Groups 2, 3
17.7 Conduct Routine Incident Response Exercises
Plan and conduct routine incident response exercises and scenarios for key personnel involved in the incident response process to prepare for responding to real-world incidents. Exercises need to test communication channels, decision making, and workflows. Conduct testing on an annual basis, at a minimum.
Required for Implementation Groups 2, 3
18.3 Remediate Penetration Test Findings
Remediate penetration test findings based on the enterprise's documented vulnerability remediation process. This should include determining a timeline and level of effort based on the impact and prioritization of each identified finding.
Required for Implementation Groups 2, 3