CIS Critical Security Controls v8 (The 18 CIS CSC)
Framework
Network Monitoring
List of requirements
13.1 Centralize Security Event Alerting Network
Centralize security event alerting across enterprise assets for log correlation and analysis. Best practice implementation requires the use of a SIEM, which includes vendor-defined event correlation alerts. A log analytics platform configured with security-relevant correlation alerts also satisfies this Safeguard.
Required for Implementation Groups 2, 3
13.2 Deploy a Host-Based Intrusion Detection Solution
Deploy a host-based intrusion detection solution on enterprise assets, where appropriate and/or supported.
Required for Implementation Groups 2, 3
13.3 Deploy a Network Intrusion Detection Solution
Deploy a network intrusion detection solution on enterprise assets, where appropriate. Example implementations include the use of a Network Intrusion Detection System (NIDS) or equivalent cloud service provider (CSP) service.
Required for Implementation Groups 2, 3
13.4 Perform Traffic Filtering Between Network Segments
Perform traffic filtering between network segments, where appropriate.
Required for Implementation Groups 2, 3
13.6 Collect Network Traffic Flow Logs
Collect network traffic flow logs and/or network traffic to review and alert upon from network devices.
Required for Implementation Groups 2, 3
13.7 Deploy a Host-Based Intrusion Prevention Solution
Deploy a host-based intrusion prevention solution on enterprise assets, where appropriate and/or supported. Example implementations include use of an Endpoint Detection and Response (EDR) client or host-based IPS agent.
Required for Implementation Group 3
13.11 Tune Security Event Alerting Thresholds
Tune security event alerting thresholds monthly, or more frequently.
Required for Implementation Group 3
Related protective measures
Name | Date | Impact
---|---|---
Isolating key systems in a separate network (network segmentation). Community; Manual; Technical; Preventive | 03.05.2022 | 9 31 / 85