Соответствие требованиям

Куда я попал?

SECURITM это SGRC система, автоматизирующая процессы в службах информационной безопасности. SECURITM помогает построить и управлять ИСПДн, КИИ, ГИС, СМИБ/СУИБ, банковскими системами защиты.
А еще SECURITM это место для обмена опытом и наработками для служб безопасности.

Подробнее

Наш канал

CIS Critical Security Controls v8 (The 18 CIS CSC)

Framework

Network Monitoring

Для проведения оценки соответствия по документу войдите в систему.

Список требований

Показывать только требования

Control 13. Network Monitoring and Defense
Operate processes and tooling to establish and maintain comprehensive network monitoring and defense against security threats across the enterprise’s network infrastructure and user base.
13.1 Centralize Security Event Alerting Network
Centralize security event alerting across enterprise assets for log correlation and analysis. Best practice implementation requires the use of a SIEM, which includes vendor-defined event correlation alerts. A log analytics platform configured with security-relevant correlation alerts also satisfies this Safeguard.

Обязательно для implementation Group 2 3
13.2 Deploy a Host-Based Intrusion Detection Solution
Deploy a host-based intrusion detection solution on enterprise assets, where appropriate and/or supported

Обязательно для implementation Group 2 3
13.3 Deploy a Network Intrusion Detection Solution
Deploy a network intrusion detection solution on enterprise assets, where appropriate. Example implementations include the use of a Network Intrusion Detection System (NIDS) or equivalent cloud service provider (CSP) service.

Обязательно для implementation Group 2 3
13.4 Perform Traffic Filtering Between Network Segments
Perform traffic filtering between network segments, where appropriate.

Обязательно для implementation Group 2 3
13.5 Manage Access Control for Remote Assets
Manage access control for assets remotely connecting to enterprise resources. Determine amount of access to enterprise resources based on: up-to-date anti-malware software installed, configuration compliance with the enterprise’s secure configuration process, and ensuring the operating system and applications are up-to-date.

Обязательно для implementation Group 2 3
13.6 Collect Network Traffic Flow Logs
Collect network traffic flow logs and/or network traffic to review and alert upon from network devices.

Обязательно для implementation Group 2 3
13.7 Deploy a Host-Based Intrusion Prevention Solution
Deploy a host-based intrusion prevention solution on enterprise assets, where appropriate and/or supported. Example implementations include use of an Endpoint Detection and Response (EDR) client or host-based IPS agent.

Обязательно для implementation Group 3
13.8 Deploy a Network Intrusion Prevention Solution Network
Deploy a network intrusion prevention solution, where appropriate. Example implementations include the use of a Network Intrusion Prevention System (NIPS) or equivalent CSP service.

Обязательно для implementation Group 3
13.9 Deploy Port-Level Access Control
Deploy port-level access control. Port-level access control utilizes 802.1x, or similar network access control protocols, such as certificates, and may incorporate user and/or device authentication.

Обязательно для implementation Group 3
13.10 Perform Application Layer Filtering
Perform application layer filtering. Example implementations include a filtering proxy, application layer firewall, or gateway.

Обязательно для implementation Group 3
13.11 Tune Security Event Alerting Thresholds
Tune security event alerting thresholds monthly, or more frequently.

Обязательно для implementation Group 3

Связанные защитные меры

	Название	Дата	Влияние
Community 9 31 / 85	Выделение ключевых систем в отдельную сеть (сегментация сети) Вручную Техническая Превентивная 03.05.2022	03.05.2022	9 31 / 85