@opexxx
Created May 4, 2020 23:21
CIS v7.1
[
{
"1": "1",
"Inventory and Control of Hardware Assets": "Inventory and Control of Hardware Assets",
"Actively manage (inventory, track, and correct) all hardware devices on the network so that only authorized devices are given access, and unauthorized and unmanaged devices are found and prevented from gaining access.": "Actively manage (inventory, track, and correct) all hardware devices on the network so that only authorized devices are given access, and unauthorized and unmanaged devices are found and prevented from gaining access.",
"1.1": "1.2",
"Utilize an Active Discovery Tool": "Use a Passive Asset Discovery Tool",
"Utilize an active discovery tool to identify devices connected to the organization's network and update the hardware asset inventory.": "Utilize a passive discovery tool to identify devices connected to the organization's network and automatically update the organization's hardware asset inventory.",
"TBD": "TBD"
},
{
"1": "1",
"Inventory and Control of Hardware Assets": "Inventory and Control of Hardware Assets",
"Actively manage (inventory, track, and correct) all hardware devices on the network so that only authorized devices are given access, and unauthorized and unmanaged devices are found and prevented from gaining access.": "Actively manage (inventory, track, and correct) all hardware devices on the network so that only authorized devices are given access, and unauthorized and unmanaged devices are found and prevented from gaining access.",
"1.1": "1.3",
"Utilize an Active Discovery Tool": "Use DHCP Logging to Update Asset Inventory",
"Utilize an active discovery tool to identify devices connected to the organization's network and update the hardware asset inventory.": "Use Dynamic Host Configuration Protocol (DHCP) logging on all DHCP servers or IP address management tools to update the organization's hardware asset inventory.",
"TBD": "TBD"
},
{
"1": "1",
"Inventory and Control of Hardware Assets": "Inventory and Control of Hardware Assets",
"Actively manage (inventory, track, and correct) all hardware devices on the network so that only authorized devices are given access, and unauthorized and unmanaged devices are found and prevented from gaining access.": "Actively manage (inventory, track, and correct) all hardware devices on the network so that only authorized devices are given access, and unauthorized and unmanaged devices are found and prevented from gaining access.",
"1.1": "1.4",
"Utilize an Active Discovery Tool": "Maintain Detailed Asset Inventory",
"Utilize an active discovery tool to identify devices connected to the organization's network and update the hardware asset inventory.": "Maintain an accurate and up-to-date inventory of all technology assets with the potential to store or process information. This inventory shall include all hardware assets, whether connected to the organization's network or not.",
"TBD": "TBD"
},
{
"1": "1",
"Inventory and Control of Hardware Assets": "Inventory and Control of Hardware Assets",
"Actively manage (inventory, track, and correct) all hardware devices on the network so that only authorized devices are given access, and unauthorized and unmanaged devices are found and prevented from gaining access.": "Actively manage (inventory, track, and correct) all hardware devices on the network so that only authorized devices are given access, and unauthorized and unmanaged devices are found and prevented from gaining access.",
"1.1": "1.5",
"Utilize an Active Discovery Tool": "Maintain Asset Inventory Information",
"Utilize an active discovery tool to identify devices connected to the organization's network and update the hardware asset inventory.": "Ensure that the hardware asset inventory records the network address, hardware address, machine name, data asset owner, and department for each asset and whether the hardware asset has been approved to connect to the network.",
"TBD": "TBD"
},
{
"1": "1",
"Inventory and Control of Hardware Assets": "Inventory and Control of Hardware Assets",
"Actively manage (inventory, track, and correct) all hardware devices on the network so that only authorized devices are given access, and unauthorized and unmanaged devices are found and prevented from gaining access.": "Actively manage (inventory, track, and correct) all hardware devices on the network so that only authorized devices are given access, and unauthorized and unmanaged devices are found and prevented from gaining access.",
"1.1": "1.6",
"Utilize an Active Discovery Tool": "Address Unauthorized Assets",
"Utilize an active discovery tool to identify devices connected to the organization's network and update the hardware asset inventory.": "Ensure that unauthorized assets are either removed from the network, quarantined or the inventory is updated in a timely manner.",
"TBD": "TBD"
},
{
"1": "1",
"Inventory and Control of Hardware Assets": "Inventory and Control of Hardware Assets",
"Actively manage (inventory, track, and correct) all hardware devices on the network so that only authorized devices are given access, and unauthorized and unmanaged devices are found and prevented from gaining access.": "Actively manage (inventory, track, and correct) all hardware devices on the network so that only authorized devices are given access, and unauthorized and unmanaged devices are found and prevented from gaining access.",
"1.1": "1.7",
"Utilize an Active Discovery Tool": "Deploy Port Level Access Control",
"Utilize an active discovery tool to identify devices connected to the organization's network and update the hardware asset inventory.": "Utilize port level access control, following 802.1x standards, to control which devices can authenticate to the network. The authentication system shall be tied into the hardware asset inventory data to ensure only authorized devices can connect to the network.",
"TBD": "TBD"
},
{
"1": "1",
"Inventory and Control of Hardware Assets": "Inventory and Control of Hardware Assets",
"Actively manage (inventory, track, and correct) all hardware devices on the network so that only authorized devices are given access, and unauthorized and unmanaged devices are found and prevented from gaining access.": "Actively manage (inventory, track, and correct) all hardware devices on the network so that only authorized devices are given access, and unauthorized and unmanaged devices are found and prevented from gaining access.",
"1.1": "1.8",
"Utilize an Active Discovery Tool": "Utilize Client Certificates to Authenticate Hardware Assets",
"Utilize an active discovery tool to identify devices connected to the organization's network and update the hardware asset inventory.": "Use client certificates to authenticate hardware assets connecting to the organization's trusted network.",
"TBD": "TBD"
},
{
"1": "1",
"Inventory and Control of Hardware Assets": "Inventory and Control of Hardware Assets",
"Actively manage (inventory, track, and correct) all hardware devices on the network so that only authorized devices are given access, and unauthorized and unmanaged devices are found and prevented from gaining access.": "Actively manage (inventory, track, and correct) all hardware devices on the network so that only authorized devices are given access, and unauthorized and unmanaged devices are found and prevented from gaining access.",
"1.1": "1.8",
"Utilize an Active Discovery Tool": "Utilize Client Certificates to Authenticate Hardware Assets",
"Utilize an active discovery tool to identify devices connected to the organization's network and update the hardware asset inventory.": "Use client certificates to authenticate hardware assets connecting to the organization's trusted network.",
"TBD": "TBD"
},
{
"1": "2",
"Inventory and Control of Hardware Assets": "Inventory and Control of Software Assets",
"Actively manage (inventory, track, and correct) all hardware devices on the network so that only authorized devices are given access, and unauthorized and unmanaged devices are found and prevented from gaining access.": "Actively manage (inventory, track, and correct) all software on the network so that only authorized software is installed and can execute, and that unauthorized and unmanaged software is found and prevented from installation or execution. ",
"1.1": "2.1",
"Utilize an Active Discovery Tool": "Maintain Inventory of Authorized Software",
"Utilize an active discovery tool to identify devices connected to the organization's network and update the hardware asset inventory.": "Maintain an up-to-date list of all authorized software that is required in the enterprise for any business purpose on any business system.",
"TBD": "TBD"
},
{
"1": "2",
"Inventory and Control of Hardware Assets": "Inventory and Control of Software Assets",
"Actively manage (inventory, track, and correct) all hardware devices on the network so that only authorized devices are given access, and unauthorized and unmanaged devices are found and prevented from gaining access.": "Actively manage (inventory, track, and correct) all software on the network so that only authorized software is installed and can execute, and that unauthorized and unmanaged software is found and prevented from installation or execution. ",
"1.1": "2.2",
"Utilize an Active Discovery Tool": "Ensure Software is Supported by Vendor",
"Utilize an active discovery tool to identify devices connected to the organization's network and update the hardware asset inventory.": "Ensure that only software applications or operating systems currently supported by the software's vendor are added to the organization's authorized software inventory. Unsupported software should be tagged as unsupported in the inventory system.",
"TBD": "TBD"
},
{
"1": "2",
"Inventory and Control of Hardware Assets": "Inventory and Control of Software Assets",
"Actively manage (inventory, track, and correct) all hardware devices on the network so that only authorized devices are given access, and unauthorized and unmanaged devices are found and prevented from gaining access.": "Actively manage (inventory, track, and correct) all software on the network so that only authorized software is installed and can execute, and that unauthorized and unmanaged software is found and prevented from installation or execution. ",
"1.1": "2.3",
"Utilize an Active Discovery Tool": "Utilize Software Inventory Tools",
"Utilize an active discovery tool to identify devices connected to the organization's network and update the hardware asset inventory.": "Utilize software inventory tools throughout the organization to automate the documentation of all software on business systems.",
"TBD": "TBD"
},
{
"1": "2",
"Inventory and Control of Hardware Assets": "Inventory and Control of Software Assets",
"Actively manage (inventory, track, and correct) all hardware devices on the network so that only authorized devices are given access, and unauthorized and unmanaged devices are found and prevented from gaining access.": "Actively manage (inventory, track, and correct) all software on the network so that only authorized software is installed and can execute, and that unauthorized and unmanaged software is found and prevented from installation or execution. ",
"1.1": "2.4",
"Utilize an Active Discovery Tool": "Track Software Inventory Information",
"Utilize an active discovery tool to identify devices connected to the organization's network and update the hardware asset inventory.": "The software inventory system should track the name, version, publisher, and install date for all software, including operating systems authorized by the organization.",
"TBD": "TBD"
},
{
"1": "2",
"Inventory and Control of Hardware Assets": "Inventory and Control of Software Assets",
"Actively manage (inventory, track, and correct) all hardware devices on the network so that only authorized devices are given access, and unauthorized and unmanaged devices are found and prevented from gaining access.": "Actively manage (inventory, track, and correct) all software on the network so that only authorized software is installed and can execute, and that unauthorized and unmanaged software is found and prevented from installation or execution. ",
"1.1": "2.5",
"Utilize an Active Discovery Tool": "Integrate Software and Hardware Asset Inventories",
"Utilize an active discovery tool to identify devices connected to the organization's network and update the hardware asset inventory.": "The software inventory system should be tied into the hardware asset inventory so all devices and associated software are tracked from a single location.",
"TBD": "TBD"
},
{
"1": "2",
"Inventory and Control of Hardware Assets": "Inventory and Control of Software Assets",
"Actively manage (inventory, track, and correct) all hardware devices on the network so that only authorized devices are given access, and unauthorized and unmanaged devices are found and prevented from gaining access.": "Actively manage (inventory, track, and correct) all software on the network so that only authorized software is installed and can execute, and that unauthorized and unmanaged software is found and prevented from installation or execution. ",
"1.1": "2.6",
"Utilize an Active Discovery Tool": "Address unapproved software",
"Utilize an active discovery tool to identify devices connected to the organization's network and update the hardware asset inventory.": "Ensure that unauthorized software is either removed or the inventory is updated in a timely manner",
"TBD": "TBD"
},
{
"1": "2",
"Inventory and Control of Hardware Assets": "Inventory and Control of Software Assets",
"Actively manage (inventory, track, and correct) all hardware devices on the network so that only authorized devices are given access, and unauthorized and unmanaged devices are found and prevented from gaining access.": "Actively manage (inventory, track, and correct) all software on the network so that only authorized software is installed and can execute, and that unauthorized and unmanaged software is found and prevented from installation or execution. ",
"1.1": "2.7",
"Utilize an Active Discovery Tool": "Utilize Application Whitelisting",
"Utilize an active discovery tool to identify devices connected to the organization's network and update the hardware asset inventory.": "Utilize application whitelisting technology on all assets to ensure that only authorized software executes and all unauthorized software is blocked from executing on assets.",
"TBD": "TBD"
},
{
"1": "2",
"Inventory and Control of Hardware Assets": "Inventory and Control of Software Assets",
"Actively manage (inventory, track, and correct) all hardware devices on the network so that only authorized devices are given access, and unauthorized and unmanaged devices are found and prevented from gaining access.": "Actively manage (inventory, track, and correct) all software on the network so that only authorized software is installed and can execute, and that unauthorized and unmanaged software is found and prevented from installation or execution. ",
"1.1": "2.8",
"Utilize an Active Discovery Tool": "Implement Application Whitelisting of Libraries",
"Utilize an active discovery tool to identify devices connected to the organization's network and update the hardware asset inventory.": "The organization's application whitelisting software must ensure that only authorized software libraries (such as *.dll, *.ocx, *.so, etc.) are allowed to load into a system process.",
"TBD": "TBD"
},
{
"1": "2",
"Inventory and Control of Hardware Assets": "Inventory and Control of Software Assets",
"Actively manage (inventory, track, and correct) all hardware devices on the network so that only authorized devices are given access, and unauthorized and unmanaged devices are found and prevented from gaining access.": "Actively manage (inventory, track, and correct) all software on the network so that only authorized software is installed and can execute, and that unauthorized and unmanaged software is found and prevented from installation or execution. ",
"1.1": "2.9",
"Utilize an Active Discovery Tool": "Implement Application Whitelisting of Scripts",
"Utilize an active discovery tool to identify devices connected to the organization's network and update the hardware asset inventory.": "The organization's application whitelisting software must ensure that only authorized, digitally signed scripts (such as *.ps1, \n *.py, macros, etc.) are allowed to run on a system.",
"TBD": "TBD"
},
{
"1": "2",
"Inventory and Control of Hardware Assets": "Inventory and Control of Software Assets",
"Actively manage (inventory, track, and correct) all hardware devices on the network so that only authorized devices are given access, and unauthorized and unmanaged devices are found and prevented from gaining access.": "Actively manage (inventory, track, and correct) all software on the network so that only authorized software is installed and can execute, and that unauthorized and unmanaged software is found and prevented from installation or execution. ",
"1.1": "2.10",
"Utilize an Active Discovery Tool": "Physically or Logically Segregate High Risk Applications",
"Utilize an active discovery tool to identify devices connected to the organization's network and update the hardware asset inventory.": "Physically or logically segregated systems should be used to isolate and run software that is required for business operations but incur higher risk for the organization.",
"TBD": "TBD"
},
{
"1": "3",
"Inventory and Control of Hardware Assets": "Continuous Vulnerability Management",
"Actively manage (inventory, track, and correct) all hardware devices on the network so that only authorized devices are given access, and unauthorized and unmanaged devices are found and prevented from gaining access.": "Continuously acquire, assess, and take action on new information in order to identify vulnerabilities, remediate, and minimize the window of opportunity for attackers.",
"1.1": "3.1",
"Utilize an Active Discovery Tool": "Run Automated Vulnerability Scanning Tools",
"Utilize an active discovery tool to identify devices connected to the organization's network and update the hardware asset inventory.": "Utilize an up-to-date SCAP-compliant vulnerability scanning tool to automatically scan all systems on the network on a weekly or more frequent basis to identify all potential vulnerabilities on the organization's systems.",
"TBD": "TBD"
},
{
"1": "3",
"Inventory and Control of Hardware Assets": "Continuous Vulnerability Management",
"Actively manage (inventory, track, and correct) all hardware devices on the network so that only authorized devices are given access, and unauthorized and unmanaged devices are found and prevented from gaining access.": "Continuously acquire, assess, and take action on new information in order to identify vulnerabilities, remediate, and minimize the window of opportunity for attackers.",
"1.1": "3.2",
"Utilize an Active Discovery Tool": "Perform Authenticated Vulnerability Scanning",
"Utilize an active discovery tool to identify devices connected to the organization's network and update the hardware asset inventory.": "Perform authenticated vulnerability scanning with agents running locally on each system or with remote scanners that are configured with elevated rights on the system being tested.",
"TBD": "TBD"
},
{
"1": "3",
"Inventory and Control of Hardware Assets": "Continuous Vulnerability Management",
"Actively manage (inventory, track, and correct) all hardware devices on the network so that only authorized devices are given access, and unauthorized and unmanaged devices are found and prevented from gaining access.": "Continuously acquire, assess, and take action on new information in order to identify vulnerabilities, remediate, and minimize the window of opportunity for attackers.",
"1.1": "3.3",
"Utilize an Active Discovery Tool": "Protect Dedicated Assessment Accounts",
"Utilize an active discovery tool to identify devices connected to the organization's network and update the hardware asset inventory.": "Use a dedicated account for authenticated vulnerability scans, which should not be used for any other administrative activities and should be tied to specific machines at specific IP addresses.",
"TBD": "TBD"
},
{
"1": "3",
"Inventory and Control of Hardware Assets": "Continuous Vulnerability Management",
"Actively manage (inventory, track, and correct) all hardware devices on the network so that only authorized devices are given access, and unauthorized and unmanaged devices are found and prevented from gaining access.": "Continuously acquire, assess, and take action on new information in order to identify vulnerabilities, remediate, and minimize the window of opportunity for attackers.",
"1.1": "3.4",
"Utilize an Active Discovery Tool": "Deploy Automated Operating System Patch Management Tools",
"Utilize an active discovery tool to identify devices connected to the organization's network and update the hardware asset inventory.": "Deploy automated software update tools in order to ensure that the operating systems are running the most recent security updates provided by the software vendor.",
"TBD": "TBD"
},
{
"1": "3",
"Inventory and Control of Hardware Assets": "Continuous Vulnerability Management",
"Actively manage (inventory, track, and correct) all hardware devices on the network so that only authorized devices are given access, and unauthorized and unmanaged devices are found and prevented from gaining access.": "Continuously acquire, assess, and take action on new information in order to identify vulnerabilities, remediate, and minimize the window of opportunity for attackers.",
"1.1": "3.5",
"Utilize an Active Discovery Tool": "Deploy Automated Software Patch Management Tools",
"Utilize an active discovery tool to identify devices connected to the organization's network and update the hardware asset inventory.": "Deploy automated software update tools in order to ensure that third-party software on all systems is running the most recent security updates provided by the software vendor.",
"TBD": "TBD"
},
{
"1": "3",
"Inventory and Control of Hardware Assets": "Continuous Vulnerability Management",
"Actively manage (inventory, track, and correct) all hardware devices on the network so that only authorized devices are given access, and unauthorized and unmanaged devices are found and prevented from gaining access.": "Continuously acquire, assess, and take action on new information in order to identify vulnerabilities, remediate, and minimize the window of opportunity for attackers.",
"1.1": "3.6",
"Utilize an Active Discovery Tool": "Compare Back-to-back Vulnerability Scans",
"Utilize an active discovery tool to identify devices connected to the organization's network and update the hardware asset inventory.": "Regularly compare the results from back-to-back vulnerability scans to verify that vulnerabilities have been remediated in a timely manner.",
"TBD": "TBD"
},
{
"1": "3",
"Inventory and Control of Hardware Assets": "Continuous Vulnerability Management",
"Actively manage (inventory, track, and correct) all hardware devices on the network so that only authorized devices are given access, and unauthorized and unmanaged devices are found and prevented from gaining access.": "Continuously acquire, assess, and take action on new information in order to identify vulnerabilities, remediate, and minimize the window of opportunity for attackers.",
"1.1": "3.7",
"Utilize an Active Discovery Tool": "Utilize a Risk-rating Process",
"Utilize an active discovery tool to identify devices connected to the organization's network and update the hardware asset inventory.": "Utilize a risk-rating process to prioritize the remediation of discovered vulnerabilities.",
"TBD": "TBD"
},
{
"1": "4",
"Inventory and Control of Hardware Assets": "Controlled Use of Administrative Privileges",
"Actively manage (inventory, track, and correct) all hardware devices on the network so that only authorized devices are given access, and unauthorized and unmanaged devices are found and prevented from gaining access.": "The processes and tools used to track/control/prevent/correct the use, assignment, and configuration of administrative privileges on computers, networks, and applications.",
"1.1": "4.1",
"Utilize an Active Discovery Tool": "Maintain Inventory of Administrative Accounts",
"Utilize an active discovery tool to identify devices connected to the organization's network and update the hardware asset inventory.": "Use automated tools to inventory all administrative accounts, including domain and local accounts, to ensure that only authorized individuals have elevated privileges.",
"TBD": "TBD"
},
{
"1": "4",
"Inventory and Control of Hardware Assets": "Controlled Use of Administrative Privileges",
"Actively manage (inventory, track, and correct) all hardware devices on the network so that only authorized devices are given access, and unauthorized and unmanaged devices are found and prevented from gaining access.": "The processes and tools used to track/control/prevent/correct the use, assignment, and configuration of administrative privileges on computers, networks, and applications.",
"1.1": "4.2",
"Utilize an Active Discovery Tool": "Change Default Passwords",
"Utilize an active discovery tool to identify devices connected to the organization's network and update the hardware asset inventory.": "Before deploying any new asset, change all default passwords to have values consistent with administrative level accounts.",
"TBD": "TBD"
},
{
"1": "4",
"Inventory and Control of Hardware Assets": "Controlled Use of Administrative Privileges",
"Actively manage (inventory, track, and correct) all hardware devices on the network so that only authorized devices are given access, and unauthorized and unmanaged devices are found and prevented from gaining access.": "The processes and tools used to track/control/prevent/correct the use, assignment, and configuration of administrative privileges on computers, networks, and applications.",
"1.1": "4.3",
"Utilize an Active Discovery Tool": "Ensure the Use of Dedicated Administrative Accounts",
"Utilize an active discovery tool to identify devices connected to the organization's network and update the hardware asset inventory.": "Ensure that all users with administrative account access use a dedicated or secondary account for elevated activities. This account should only be used for administrative activities and not internet browsing, email, or similar activities.",
"TBD": "TBD"
},
{
"1": "4",
"Inventory and Control of Hardware Assets": "Controlled Use of Administrative Privileges",
"Actively manage (inventory, track, and correct) all hardware devices on the network so that only authorized devices are given access, and unauthorized and unmanaged devices are found and prevented from gaining access.": "The processes and tools used to track/control/prevent/correct the use, assignment, and configuration of administrative privileges on computers, networks, and applications.",
"1.1": "4.4",
"Utilize an Active Discovery Tool": "Use Unique Passwords",
"Utilize an active discovery tool to identify devices connected to the organization's network and update the hardware asset inventory.": "Where multi-factor authentication is not supported (such as local administrator, root, or service accounts), accounts will use passwords that are unique to that system.",
"TBD": "TBD"
},
{
"1": "4",
"Inventory and Control of Hardware Assets": "Controlled Use of Administrative Privileges",
"Actively manage (inventory, track, and correct) all hardware devices on the network so that only authorized devices are given access, and unauthorized and unmanaged devices are found and prevented from gaining access.": "The processes and tools used to track/control/prevent/correct the use, assignment, and configuration of administrative privileges on computers, networks, and applications.",
"1.1": "4.5",
"Utilize an Active Discovery Tool": "Use Multifactor Authentication For All Administrative Access",
"Utilize an active discovery tool to identify devices connected to the organization's network and update the hardware asset inventory.": "Use multi-factor authentication and encrypted channels for all administrative account access.",
"TBD": "TBD"
},
{
"1": "4",
"Inventory and Control of Hardware Assets": "Controlled Use of Administrative Privileges",
"Actively manage (inventory, track, and correct) all hardware devices on the network so that only authorized devices are given access, and unauthorized and unmanaged devices are found and prevented from gaining access.": "The processes and tools used to track/control/prevent/correct the use, assignment, and configuration of administrative privileges on computers, networks, and applications.",
"1.1": "4.6",
"Utilize an Active Discovery Tool": "Use of Dedicated Machines For All Administrative Tasks",
"Utilize an active discovery tool to identify devices connected to the organization's network and update the hardware asset inventory.": "Ensure administrators use a dedicated machine for all administrative tasks or tasks requiring administrative access. This machine will be segmented from the organization's primary network and not be allowed Internet access. This machine will not be used for reading e-mail, composing documents, or browsing the Internet.",
"TBD": "TBD"
},
{
"1": "4",
"Inventory and Control of Hardware Assets": "Controlled Use of Administrative Privileges",
"Actively manage (inventory, track, and correct) all hardware devices on the network so that only authorized devices are given access, and unauthorized and unmanaged devices are found and prevented from gaining access.": "The processes and tools used to track/control/prevent/correct the use, assignment, and configuration of administrative privileges on computers, networks, and applications.",
"1.1": "4.7",
"Utilize an Active Discovery Tool": "Limit Access to Script Tools",
"Utilize an active discovery tool to identify devices connected to the organization's network and update the hardware asset inventory.": "Limit access to scripting tools (such as Microsoft PowerShell and Python) to only administrative or development users with the need to access those capabilities.",
"TBD": "TBD"
},
{
"1": "4",
"Inventory and Control of Hardware Assets": "Controlled Use of Administrative Privileges",
"Actively manage (inventory, track, and correct) all hardware devices on the network so that only authorized devices are given access, and unauthorized and unmanaged devices are found and prevented from gaining access.": "The processes and tools used to track/control/prevent/correct the use, assignment, and configuration of administrative privileges on computers, networks, and applications.",
"1.1": "4.8",
"Utilize an Active Discovery Tool": "Log and Alert on Changes to Administrative Group Membership",
"Utilize an active discovery tool to identify devices connected to the organization's network and update the hardware asset inventory.": "Configure systems to issue a log entry and alert when an account is added to or removed from any group assigned administrative privileges.",
"TBD": "TBD"
},
{
"1": "4",
"Inventory and Control of Hardware Assets": "Controlled Use of Administrative Privileges",
"Actively manage (inventory, track, and correct) all hardware devices on the network so that only authorized devices are given access, and unauthorized and unmanaged devices are found and prevented from gaining access.": "The processes and tools used to track/control/prevent/correct the use, assignment, and configuration of administrative privileges on computers, networks, and applications.",
"1.1": "4.9",
"Utilize an Active Discovery Tool": "Log and Alert on Unsuccessful Administrative Account Login",
"Utilize an active discovery tool to identify devices connected to the organization's network and update the hardware asset inventory.": "Configure systems to issue a log entry and alert on unsuccessful logins to an administrative account.",
"TBD": "TBD"
},
{
"1": "5",
"Inventory and Control of Hardware Assets": "Secure Configuration for Hardware and Software on Mobile Devices, Laptops, Workstations and Servers",
"Actively manage (inventory, track, and correct) all hardware devices on the network so that only authorized devices are given access, and unauthorized and unmanaged devices are found and prevented from gaining access.": "Establish, implement, and actively manage (track, report on, correct) the security configuration of mobile devices, laptops, servers, and workstations using a rigorous configuration management and change control process in order to prevent attackers from exploiting vulnerable services and settings. ",
"1.1": "5.1",
"Utilize an Active Discovery Tool": "Establish Secure Configurations",
"Utilize an active discovery tool to identify devices connected to the organization's network and update the hardware asset inventory.": "Maintain documented, standard security configuration standards for all authorized operating systems and software.",
"TBD": "TBD"
},
{
"1": "5",
"Inventory and Control of Hardware Assets": "Secure Configuration for Hardware and Software on Mobile Devices, Laptops, Workstations and Servers",
"Actively manage (inventory, track, and correct) all hardware devices on the network so that only authorized devices are given access, and unauthorized and unmanaged devices are found and prevented from gaining access.": "Establish, implement, and actively manage (track, report on, correct) the security configuration of mobile devices, laptops, servers, and workstations using a rigorous configuration management and change control process in order to prevent attackers from exploiting vulnerable services and settings. ",
"1.1": "5.2",
"Utilize an Active Discovery Tool": "Maintain Secure Images",
"Utilize an active discovery tool to identify devices connected to the organization's network and update the hardware asset inventory.": "Maintain secure images or templates for all systems in the enterprise based on the organization's approved configuration standards. Any new system deployment or existing system that becomes compromised should be imaged using one of those images or templates.",
"TBD": "TBD"
},
{
"1": "5",
"Inventory and Control of Hardware Assets": "Secure Configuration for Hardware and Software on Mobile Devices, Laptops, Workstations and Servers",
"Actively manage (inventory, track, and correct) all hardware devices on the network so that only authorized devices are given access, and unauthorized and unmanaged devices are found and prevented from gaining access.": "Establish, implement, and actively manage (track, report on, correct) the security configuration of mobile devices, laptops, servers, and workstations using a rigorous configuration management and change control process in order to prevent attackers from exploiting vulnerable services and settings. ",
"1.1": "5.3",
"Utilize an Active Discovery Tool": "Securely Store Master Images",
"Utilize an active discovery tool to identify devices connected to the organization's network and update the hardware asset inventory.": "Store the master images and templates on securely configured servers, validated with integrity monitoring tools, to ensure that only authorized changes to the images are possible.",
"TBD": "TBD"
},
{
"1": "5",
"Inventory and Control of Hardware Assets": "Secure Configuration for Hardware and Software on Mobile Devices, Laptops, Workstations and Servers",
"Actively manage (inventory, track, and correct) all hardware devices on the network so that only authorized devices are given access, and unauthorized and unmanaged devices are found and prevented from gaining access.": "Establish, implement, and actively manage (track, report on, correct) the security configuration of mobile devices, laptops, servers, and workstations using a rigorous configuration management and change control process in order to prevent attackers from exploiting vulnerable services and settings. ",
"1.1": "5.4",
"Utilize an Active Discovery Tool": "Deploy System Configuration Management Tools",
"Utilize an active discovery tool to identify devices connected to the organization's network and update the hardware asset inventory.": "Deploy system configuration management tools that will automatically enforce and redeploy configuration settings to systems at regularly scheduled intervals.",
"TBD": "TBD"
},
{
"1": "5",
"Inventory and Control of Hardware Assets": "Secure Configuration for Hardware and Software on Mobile Devices, Laptops, Workstations and Servers",
"Actively manage (inventory, track, and correct) all hardware devices on the network so that only authorized devices are given access, and unauthorized and unmanaged devices are found and prevented from gaining access.": "Establish, implement, and actively manage (track, report on, correct) the security configuration of mobile devices, laptops, servers, and workstations using a rigorous configuration management and change control process in order to prevent attackers from exploiting vulnerable services and settings. ",
"1.1": "5.5",
"Utilize an Active Discovery Tool": "Implement Automated Configuration Monitoring Systems",
"Utilize an active discovery tool to identify devices connected to the organization's network and update the hardware asset inventory.": "Utilize a Security Content Automation Protocol (SCAP) compliant configuration monitoring system to verify all security configuration elements, catalog approved exceptions, and alert when unauthorized changes occur.",
"TBD": "TBD"
},
{
"1": "6",
"Inventory and Control of Hardware Assets": "Maintenance, Monitoring and Analysis of Audit Logs",
"Actively manage (inventory, track, and correct) all hardware devices on the network so that only authorized devices are given access, and unauthorized and unmanaged devices are found and prevented from gaining access.": "Collect, manage, and analyze audit logs of events that could help detect, understand, or recover from an attack. ",
"1.1": "6.1",
"Utilize an Active Discovery Tool": "Utilize Three Synchronized Time Sources",
"Utilize an active discovery tool to identify devices connected to the organization's network and update the hardware asset inventory.": "Use at least three synchronized time sources from which all servers and network devices retrieve time information on a regular basis so that timestamps in logs are consistent.",
"TBD": "TBD"
},
{
"1": "6",
"Inventory and Control of Hardware Assets": "Maintenance, Monitoring and Analysis of Audit Logs",
"Actively manage (inventory, track, and correct) all hardware devices on the network so that only authorized devices are given access, and unauthorized and unmanaged devices are found and prevented from gaining access.": "Collect, manage, and analyze audit logs of events that could help detect, understand, or recover from an attack. ",
"1.1": "6.2",
"Utilize an Active Discovery Tool": "Activate audit logging",
"Utilize an active discovery tool to identify devices connected to the organization's network and update the hardware asset inventory.": "Ensure that local logging has been enabled on all systems and networking devices.",
"TBD": "TBD"
},
{
"1": "6",
"Inventory and Control of Hardware Assets": "Maintenance, Monitoring and Analysis of Audit Logs",
"Actively manage (inventory, track, and correct) all hardware devices on the network so that only authorized devices are given access, and unauthorized and unmanaged devices are found and prevented from gaining access.": "Collect, manage, and analyze audit logs of events that could help detect, understand, or recover from an attack. ",
"1.1": "6.3",
"Utilize an Active Discovery Tool": "Enable Detailed Logging",
"Utilize an active discovery tool to identify devices connected to the organization's network and update the hardware asset inventory.": "Enable system logging to include detailed information such as a event source, date, user, timestamp, source addresses, destination addresses, and other useful elements.",
"TBD": "TBD"
},
{
"1": "6",
"Inventory and Control of Hardware Assets": "Maintenance, Monitoring and Analysis of Audit Logs",
"Actively manage (inventory, track, and correct) all hardware devices on the network so that only authorized devices are given access, and unauthorized and unmanaged devices are found and prevented from gaining access.": "Collect, manage, and analyze audit logs of events that could help detect, understand, or recover from an attack. ",
"1.1": "6.4",
"Utilize an Active Discovery Tool": "Ensure adequate storage for logs",
"Utilize an active discovery tool to identify devices connected to the organization's network and update the hardware asset inventory.": "Ensure that all systems that store logs have adequate storage space for the logs generated.",
"TBD": "TBD"
},
{
"1": "6",
"Inventory and Control of Hardware Assets": "Maintenance, Monitoring and Analysis of Audit Logs",
"Actively manage (inventory, track, and correct) all hardware devices on the network so that only authorized devices are given access, and unauthorized and unmanaged devices are found and prevented from gaining access.": "Collect, manage, and analyze audit logs of events that could help detect, understand, or recover from an attack. ",
"1.1": "6.5",
"Utilize an Active Discovery Tool": "Central Log Management",
"Utilize an active discovery tool to identify devices connected to the organization's network and update the hardware asset inventory.": "Ensure that appropriate logs are being aggregated to a central log management system for analysis and review.",
"TBD": "TBD"
},
{
"1": "6",
"Inventory and Control of Hardware Assets": "Maintenance, Monitoring and Analysis of Audit Logs",
"Actively manage (inventory, track, and correct) all hardware devices on the network so that only authorized devices are given access, and unauthorized and unmanaged devices are found and prevented from gaining access.": "Collect, manage, and analyze audit logs of events that could help detect, understand, or recover from an attack. ",
"1.1": "6.6",
"Utilize an Active Discovery Tool": "Deploy SIEM or Log Analytic tool",
"Utilize an active discovery tool to identify devices connected to the organization's network and update the hardware asset inventory.": "Deploy Security Information and Event Management (SIEM) or log analytic tool for log correlation and analysis.",
"TBD": "TBD"
},
{
"1": "6",
"Inventory and Control of Hardware Assets": "Maintenance, Monitoring and Analysis of Audit Logs",
"Actively manage (inventory, track, and correct) all hardware devices on the network so that only authorized devices are given access, and unauthorized and unmanaged devices are found and prevented from gaining access.": "Collect, manage, and analyze audit logs of events that could help detect, understand, or recover from an attack. ",
"1.1": "6.7",
"Utilize an Active Discovery Tool": "Regularly Review Logs",
"Utilize an active discovery tool to identify devices connected to the organization's network and update the hardware asset inventory.": "On a regular basis, review logs to identify anomalies or abnormal events.",
"TBD": "TBD"
},
{
"1": "6",
"Inventory and Control of Hardware Assets": "Maintenance, Monitoring and Analysis of Audit Logs",
"Actively manage (inventory, track, and correct) all hardware devices on the network so that only authorized devices are given access, and unauthorized and unmanaged devices are found and prevented from gaining access.": "Collect, manage, and analyze audit logs of events that could help detect, understand, or recover from an attack. ",
"1.1": "6.8",
"Utilize an Active Discovery Tool": "Regularly Tune SIEM",
"Utilize an active discovery tool to identify devices connected to the organization's network and update the hardware asset inventory.": "On a regular basis, tune your SIEM system to better identify actionable events and decrease event noise.",
"TBD": "TBD"
},
{
"1": "7",
"Inventory and Control of Hardware Assets": "Email and Web Browser Protections",
"Actively manage (inventory, track, and correct) all hardware devices on the network so that only authorized devices are given access, and unauthorized and unmanaged devices are found and prevented from gaining access.": "Minimize the attack surface and the opportunities for attackers to manipulate human behavior though their interaction with web browsers and email systems. ",
"1.1": "7.1",
"Utilize an Active Discovery Tool": "Ensure Use of Only Fully Supported Browsers and Email Clients",
"Utilize an active discovery tool to identify devices connected to the organization's network and update the hardware asset inventory.": "Ensure that only fully supported web browsers and email clients are allowed to execute in the organization, ideally only using the latest version of the browsers and email clients provided by the vendor.",
"TBD": "TBD"
},
{
"1": "7",
"Inventory and Control of Hardware Assets": "Email and Web Browser Protections",
"Actively manage (inventory, track, and correct) all hardware devices on the network so that only authorized devices are given access, and unauthorized and unmanaged devices are found and prevented from gaining access.": "Minimize the attack surface and the opportunities for attackers to manipulate human behavior though their interaction with web browsers and email systems. ",
"1.1": "7.2",
"Utilize an Active Discovery Tool": "Disable Unnecessary or Unauthorized Browser or Email Client Plugins",
"Utilize an active discovery tool to identify devices connected to the organization's network and update the hardware asset inventory.": "Uninstall or disable any unauthorized browser or email client plugins or add-on applications.",
"TBD": "TBD"
},
{
"1": "7",
"Inventory and Control of Hardware Assets": "Email and Web Browser Protections",
"Actively manage (inventory, track, and correct) all hardware devices on the network so that only authorized devices are given access, and unauthorized and unmanaged devices are found and prevented from gaining access.": "Minimize the attack surface and the opportunities for attackers to manipulate human behavior though their interaction with web browsers and email systems. ",
"1.1": "7.3",
"Utilize an Active Discovery Tool": "Limit Use of Scripting Languages in Web Browsers and Email Clients",
"Utilize an active discovery tool to identify devices connected to the organization's network and update the hardware asset inventory.": "Ensure that only authorized scripting languages are able to run in all web browsers and email clients.",
"TBD": "TBD"
},
{
"1": "7",
"Inventory and Control of Hardware Assets": "Email and Web Browser Protections",
"Actively manage (inventory, track, and correct) all hardware devices on the network so that only authorized devices are given access, and unauthorized and unmanaged devices are found and prevented from gaining access.": "Minimize the attack surface and the opportunities for attackers to manipulate human behavior though their interaction with web browsers and email systems. ",
"1.1": "7.4",
"Utilize an Active Discovery Tool": "Maintain and Enforce Network-Based URL Filters",
"Utilize an active discovery tool to identify devices connected to the organization's network and update the hardware asset inventory.": "Enforce network-based URL filters that limit a system's ability to connect to websites not approved by the organization. This filtering shall be enforced for each of the organization's systems, whether they are physically at an organization's facilities or not.",
"TBD": "TBD"
},
{
"1": "7",
"Inventory and Control of Hardware Assets": "Email and Web Browser Protections",
"Actively manage (inventory, track, and correct) all hardware devices on the network so that only authorized devices are given access, and unauthorized and unmanaged devices are found and prevented from gaining access.": "Minimize the attack surface and the opportunities for attackers to manipulate human behavior though their interaction with web browsers and email systems. ",
"1.1": "7.5",
"Utilize an Active Discovery Tool": "Subscribe to URL-Categorization Service",
"Utilize an active discovery tool to identify devices connected to the organization's network and update the hardware asset inventory.": "Subscribe to URL categorization services to ensure that they are up-to-date with the most recent website category definitions available. Uncategorized sites shall be blocked by default.",
"TBD": "TBD"
},
{
"1": "7",
"Inventory and Control of Hardware Assets": "Email and Web Browser Protections",
"Actively manage (inventory, track, and correct) all hardware devices on the network so that only authorized devices are given access, and unauthorized and unmanaged devices are found and prevented from gaining access.": "Minimize the attack surface and the opportunities for attackers to manipulate human behavior though their interaction with web browsers and email systems. ",
"1.1": "7.6",
"Utilize an Active Discovery Tool": "Log all URL requester",
"Utilize an active discovery tool to identify devices connected to the organization's network and update the hardware asset inventory.": "Log all URL requests from each of the organization's systems, whether on-site or a mobile device, in order to identify potentially malicious activity and assist incident handlers with identifying potentially compromised systems.",
"TBD": "TBD"
},
{
"1": "7",
"Inventory and Control of Hardware Assets": "Email and Web Browser Protections",
"Actively manage (inventory, track, and correct) all hardware devices on the network so that only authorized devices are given access, and unauthorized and unmanaged devices are found and prevented from gaining access.": "Minimize the attack surface and the opportunities for attackers to manipulate human behavior though their interaction with web browsers and email systems. ",
"1.1": "7.7",
"Utilize an Active Discovery Tool": "Use of DNS Filtering Services",
"Utilize an active discovery tool to identify devices connected to the organization's network and update the hardware asset inventory.": "Use DNS filtering services to help block access to known malicious domains.",
"TBD": "TBD"
},
{
"1": "7",
"Inventory and Control of Hardware Assets": "Email and Web Browser Protections",
"Actively manage (inventory, track, and correct) all hardware devices on the network so that only authorized devices are given access, and unauthorized and unmanaged devices are found and prevented from gaining access.": "Minimize the attack surface and the opportunities for attackers to manipulate human behavior though their interaction with web browsers and email systems. ",
"1.1": "7.8",
"Utilize an Active Discovery Tool": "Implement DMARC and Enable Receiver-Side Verification",
"Utilize an active discovery tool to identify devices connected to the organization's network and update the hardware asset inventory.": "To lower the chance of spoofed or modified emails from valid domains, implement Domain-based Message Authentication, Reporting and Conformance (DMARC) policy and verification, starting by implementing the Sender Policy Framework (SPF) and the Domain Keys Identified Mail(DKIM) standards.",
"TBD": "TBD"
},
{
"1": "7",
"Inventory and Control of Hardware Assets": "Email and Web Browser Protections",
"Actively manage (inventory, track, and correct) all hardware devices on the network so that only authorized devices are given access, and unauthorized and unmanaged devices are found and prevented from gaining access.": "Minimize the attack surface and the opportunities for attackers to manipulate human behavior though their interaction with web browsers and email systems. ",
"1.1": "7.9",
"Utilize an Active Discovery Tool": "Block Unnecessary File Types",
"Utilize an active discovery tool to identify devices connected to the organization's network and update the hardware asset inventory.": "Block all e-mail attachments entering the organization's email gateway if the file types are unnecessary for the organization's business.",
"TBD": "TBD"
},
{
"1": "7",
"Inventory and Control of Hardware Assets": "Email and Web Browser Protections",
"Actively manage (inventory, track, and correct) all hardware devices on the network so that only authorized devices are given access, and unauthorized and unmanaged devices are found and prevented from gaining access.": "Minimize the attack surface and the opportunities for attackers to manipulate human behavior though their interaction with web browsers and email systems. ",
"1.1": "7.10",
"Utilize an Active Discovery Tool": "Sandbox All Email Attachments",
"Utilize an active discovery tool to identify devices connected to the organization's network and update the hardware asset inventory.": "Use sandboxing to analyze and block inbound email attachments with malicious behavior.",
"TBD": "TBD"
},
{
"1": "8",
"Inventory and Control of Hardware Assets": "Malware Defenses",
"Actively manage (inventory, track, and correct) all hardware devices on the network so that only authorized devices are given access, and unauthorized and unmanaged devices are found and prevented from gaining access.": "Control the installation, spread, and execution of malicious code at multiple points in the enterprise, while optimizing the use of automation to enable rapid updating of defense, data gathering, and corrective action.",
"1.1": "8.1",
"Utilize an Active Discovery Tool": "Utilize Centrally Managed Anti-malware Software",
"Utilize an active discovery tool to identify devices connected to the organization's network and update the hardware asset inventory.": "Utilize centrally managed anti-malware software to continuously monitor and defend each of the organization's workstations and servers.",
"TBD": "TBD"
},
{
"1": "8",
"Inventory and Control of Hardware Assets": "Malware Defenses",
"Actively manage (inventory, track, and correct) all hardware devices on the network so that only authorized devices are given access, and unauthorized and unmanaged devices are found and prevented from gaining access.": "Control the installation, spread, and execution of malicious code at multiple points in the enterprise, while optimizing the use of automation to enable rapid updating of defense, data gathering, and corrective action.",
"1.1": "8.2",
"Utilize an Active Discovery Tool": "Ensure Anti-Malware Software and Signatures are Updated",
"Utilize an active discovery tool to identify devices connected to the organization's network and update the hardware asset inventory.": "Ensure that the organization's anti-malware software updates its scanning engine and signature database on a regular basis.",
"TBD": "TBD"
},
{
"1": "8",
"Inventory and Control of Hardware Assets": "Malware Defenses",
"Actively manage (inventory, track, and correct) all hardware devices on the network so that only authorized devices are given access, and unauthorized and unmanaged devices are found and prevented from gaining access.": "Control the installation, spread, and execution of malicious code at multiple points in the enterprise, while optimizing the use of automation to enable rapid updating of defense, data gathering, and corrective action.",
"1.1": "8.3",
"Utilize an Active Discovery Tool": "Enable Operating System Anti-Exploitation Features/ Deploy Anti-Exploit Technologies",
"Utilize an active discovery tool to identify devices connected to the organization's network and update the hardware asset inventory.": "Enable anti-exploitation features such as Data Execution Prevention (DEP) or Address Space Layout Randomization (ASLR) that are available in an operating system or deploy appropriate toolkits that can be configured to apply protection to a broader set of applications and executables.",
"TBD": "TBD"
},
{
"1": "8",
"Inventory and Control of Hardware Assets": "Malware Defenses",
"Actively manage (inventory, track, and correct) all hardware devices on the network so that only authorized devices are given access, and unauthorized and unmanaged devices are found and prevented from gaining access.": "Control the installation, spread, and execution of malicious code at multiple points in the enterprise, while optimizing the use of automation to enable rapid updating of defense, data gathering, and corrective action.",
"1.1": "8.4",
"Utilize an Active Discovery Tool": "Configure Anti-Malware Scanning of Removable Devices",
"Utilize an active discovery tool to identify devices connected to the organization's network and update the hardware asset inventory.": "Configure devices so that they automatically conduct an anti-malware scan of removable media when inserted or connected.",
"TBD": "TBD"
},
{
"1": "8",
"Inventory and Control of Hardware Assets": "Malware Defenses",
"Actively manage (inventory, track, and correct) all hardware devices on the network so that only authorized devices are given access, and unauthorized and unmanaged devices are found and prevented from gaining access.": "Control the installation, spread, and execution of malicious code at multiple points in the enterprise, while optimizing the use of automation to enable rapid updating of defense, data gathering, and corrective action.",
"1.1": "8.5",
"Utilize an Active Discovery Tool": "Configure Devices Not To Auto-Run Content",
"Utilize an active discovery tool to identify devices connected to the organization's network and update the hardware asset inventory.": "Configure devices to not auto-run content from removable media.",
"TBD": "TBD"
},
{
"1": "8",
"Inventory and Control of Hardware Assets": "Malware Defenses",
"Actively manage (inventory, track, and correct) all hardware devices on the network so that only authorized devices are given access, and unauthorized and unmanaged devices are found and prevented from gaining access.": "Control the installation, spread, and execution of malicious code at multiple points in the enterprise, while optimizing the use of automation to enable rapid updating of defense, data gathering, and corrective action.",
"1.1": "8.6",
"Utilize an Active Discovery Tool": "Centralize Anti-Malware Logging",
"Utilize an active discovery tool to identify devices connected to the organization's network and update the hardware asset inventory.": "Send all malware detection events to enterprise anti-malware administration tools and event log servers for analysis and alerting.",
"TBD": "TBD"
},
{
"1": "8",
"Inventory and Control of Hardware Assets": "Malware Defenses",
"Actively manage (inventory, track, and correct) all hardware devices on the network so that only authorized devices are given access, and unauthorized and unmanaged devices are found and prevented from gaining access.": "Control the installation, spread, and execution of malicious code at multiple points in the enterprise, while optimizing the use of automation to enable rapid updating of defense, data gathering, and corrective action.",
"1.1": "8.7",
"Utilize an Active Discovery Tool": "Enable DNS Query Logging",
"Utilize an active discovery tool to identify devices connected to the organization's network and update the hardware asset inventory.": "Enable Domain Name System (DNS) query logging to detect hostname lookups for known malicious domains.",
"TBD": "TBD"
},
{
"1": "8",
"Inventory and Control of Hardware Assets": "Malware Defenses",
"Actively manage (inventory, track, and correct) all hardware devices on the network so that only authorized devices are given access, and unauthorized and unmanaged devices are found and prevented from gaining access.": "Control the installation, spread, and execution of malicious code at multiple points in the enterprise, while optimizing the use of automation to enable rapid updating of defense, data gathering, and corrective action.",
"1.1": "8.8",
"Utilize an Active Discovery Tool": "Enable Command-Line Audit Logging",
"Utilize an active discovery tool to identify devices connected to the organization's network and update the hardware asset inventory.": "Enable command-line audit logging for command shells, such as Microsoft PowerShell and Bash.",
"TBD": "TBD"
},
{
"1": "9",
"Inventory and Control of Hardware Assets": "Limitation and Control of Network Ports, Protocols, and Services",
"Actively manage (inventory, track, and correct) all hardware devices on the network so that only authorized devices are given access, and unauthorized and unmanaged devices are found and prevented from gaining access.": "Manage (track/control/correct) the ongoing operational use of ports, protocols, and services on networked devices in order to minimize windows of vulnerability available to attackers.",
"1.1": "9.1",
"Utilize an Active Discovery Tool": "Associate Active Ports, Services and Protocols to Asset Inventory",
"Utilize an active discovery tool to identify devices connected to the organization's network and update the hardware asset inventory.": "Associate active ports, services and protocols to the hardware assets in the asset inventory.",
"TBD": "TBD"
},
{
"1": "9",
"Inventory and Control of Hardware Assets": "Limitation and Control of Network Ports, Protocols, and Services",
"Actively manage (inventory, track, and correct) all hardware devices on the network so that only authorized devices are given access, and unauthorized and unmanaged devices are found and prevented from gaining access.": "Manage (track/control/correct) the ongoing operational use of ports, protocols, and services on networked devices in order to minimize windows of vulnerability available to attackers.",
"1.1": "9.2",
"Utilize an Active Discovery Tool": "Ensure Only Approved Ports, Protocols and Services Are Running",
"Utilize an active discovery tool to identify devices connected to the organization's network and update the hardware asset inventory.": "Ensure that only network ports, protocols, and services listening on a system with validated business needs are running on each system.",
"TBD": "TBD"
},
{
"1": "9",
"Inventory and Control of Hardware Assets": "Limitation and Control of Network Ports, Protocols, and Services",
"Actively manage (inventory, track, and correct) all hardware devices on the network so that only authorized devices are given access, and unauthorized and unmanaged devices are found and prevented from gaining access.": "Manage (track/control/correct) the ongoing operational use of ports, protocols, and services on networked devices in order to minimize windows of vulnerability available to attackers.",
"1.1": "9.3",
"Utilize an Active Discovery Tool": "Perform Regular Automated Port Scans",
"Utilize an active discovery tool to identify devices connected to the organization's network and update the hardware asset inventory.": "Perform automated port scans on a regular basis against all systems and alert if unauthorized ports are detected on a system.",
"TBD": "TBD"
},
{
"1": "9",
"Inventory and Control of Hardware Assets": "Limitation and Control of Network Ports, Protocols, and Services",
"Actively manage (inventory, track, and correct) all hardware devices on the network so that only authorized devices are given access, and unauthorized and unmanaged devices are found and prevented from gaining access.": "Manage (track/control/correct) the ongoing operational use of ports, protocols, and services on networked devices in order to minimize windows of vulnerability available to attackers.",
"1.1": "9.4",
"Utilize an Active Discovery Tool": "Apply Host-Based Firewalls or Port Filtering",
"Utilize an active discovery tool to identify devices connected to the organization's network and update the hardware asset inventory.": "Apply host-based firewalls or port filtering tools on end systems, with a default-deny rule that drops all traffic except those services and ports that are explicitly allowed.",
"TBD": "TBD"
},
{
"1": "9",
"Inventory and Control of Hardware Assets": "Limitation and Control of Network Ports, Protocols, and Services",
"Actively manage (inventory, track, and correct) all hardware devices on the network so that only authorized devices are given access, and unauthorized and unmanaged devices are found and prevented from gaining access.": "Manage (track/control/correct) the ongoing operational use of ports, protocols, and services on networked devices in order to minimize windows of vulnerability available to attackers.",
"1.1": "9.5",
"Utilize an Active Discovery Tool": "Implement Application Firewalls",
"Utilize an active discovery tool to identify devices connected to the organization's network and update the hardware asset inventory.": "Place application firewalls in front of any critical servers to verify and validate the traffic going to the server. Any unauthorized traffic should be blocked and logged.",
"TBD": "TBD"
},
{
"1": "10",
"Inventory and Control of Hardware Assets": "Data Recovery Capabilities",
"Actively manage (inventory, track, and correct) all hardware devices on the network so that only authorized devices are given access, and unauthorized and unmanaged devices are found and prevented from gaining access.": "The processes and tools used to properly back up critical information with a proven methodology for timely recovery of it.",
"1.1": "10.1",
"Utilize an Active Discovery Tool": "Ensure Regular Automated BackUps",
"Utilize an active discovery tool to identify devices connected to the organization's network and update the hardware asset inventory.": "Ensure that all system data is automatically backed up on a regular basis.",
"TBD": "TBD"
},
{
"1": "10",
"Inventory and Control of Hardware Assets": "Data Recovery Capabilities",
"Actively manage (inventory, track, and correct) all hardware devices on the network so that only authorized devices are given access, and unauthorized and unmanaged devices are found and prevented from gaining access.": "The processes and tools used to properly back up critical information with a proven methodology for timely recovery of it.",
"1.1": "10.2",
"Utilize an Active Discovery Tool": "Perform Complete System Backups",
"Utilize an active discovery tool to identify devices connected to the organization's network and update the hardware asset inventory.": "Ensure that all of the organization's key systems are backed up as a complete system, through processes such as imaging, to enable the quick recovery of an entire system.",
"TBD": "TBD"
},
{
"1": "10",
"Inventory and Control of Hardware Assets": "Data Recovery Capabilities",
"Actively manage (inventory, track, and correct) all hardware devices on the network so that only authorized devices are given access, and unauthorized and unmanaged devices are found and prevented from gaining access.": "The processes and tools used to properly back up critical information with a proven methodology for timely recovery of it.",
"1.1": "10.3",
"Utilize an Active Discovery Tool": "Test Data on Backup Media",
"Utilize an active discovery tool to identify devices connected to the organization's network and update the hardware asset inventory.": "Test data integrity on backup media on a regular basis by performing a data restoration process to ensure that the backup is properly working.",
"TBD": "TBD"
},
{
"1": "10",
"Inventory and Control of Hardware Assets": "Data Recovery Capabilities",
"Actively manage (inventory, track, and correct) all hardware devices on the network so that only authorized devices are given access, and unauthorized and unmanaged devices are found and prevented from gaining access.": "The processes and tools used to properly back up critical information with a proven methodology for timely recovery of it.",
"1.1": "10.4",
"Utilize an Active Discovery Tool": "Ensure Protection of Backups",
"Utilize an active discovery tool to identify devices connected to the organization's network and update the hardware asset inventory.": "Ensure that backups are properly protected via physical security or encryption when they are stored, as well as when they are moved across the network. This includes remote backups and cloud services.",
"TBD": "TBD"
},
{
"1": "10",
"Inventory and Control of Hardware Assets": "Data Recovery Capabilities",
"Actively manage (inventory, track, and correct) all hardware devices on the network so that only authorized devices are given access, and unauthorized and unmanaged devices are found and prevented from gaining access.": "The processes and tools used to properly back up critical information with a proven methodology for timely recovery of it.",
"1.1": "10.5",
"Utilize an Active Discovery Tool": "Ensure Backups Have At least One Non-Continuously Addressable Destination",
"Utilize an active discovery tool to identify devices connected to the organization's network and update the hardware asset inventory.": "Ensure that all backups have at least one backup destination that is not continuously addressable through operating system calls.",
"TBD": "TBD"
},
{
"1": "11",
"Inventory and Control of Hardware Assets": "Secure Configuration for Network Devices, such as Firewalls, Routers and Switches",
"Actively manage (inventory, track, and correct) all hardware devices on the network so that only authorized devices are given access, and unauthorized and unmanaged devices are found and prevented from gaining access.": "Establish, implement, and actively manage (track, report on, correct) the security configuration of network infrastructure devices using a rigorous configuration management and change control process in order to prevent attackers from exploiting vulnerable services and settings.",
"1.1": "11.1",
"Utilize an Active Discovery Tool": "Maintain Standard Security Configurations for Network Devices",
"Utilize an active discovery tool to identify devices connected to the organization's network and update the hardware asset inventory.": "Maintain standard, documented security configuration standards for all authorized network devices.",
"TBD": "TBD"
},
{
"1": "11",
"Inventory and Control of Hardware Assets": "Secure Configuration for Network Devices, such as Firewalls, Routers and Switches",
"Actively manage (inventory, track, and correct) all hardware devices on the network so that only authorized devices are given access, and unauthorized and unmanaged devices are found and prevented from gaining access.": "Establish, implement, and actively manage (track, report on, correct) the security configuration of network infrastructure devices using a rigorous configuration management and change control process in order to prevent attackers from exploiting vulnerable services and settings.",
"1.1": "11.2",
"Utilize an Active Discovery Tool": "Document Traffic Configuration Rules",
"Utilize an active discovery tool to identify devices connected to the organization's network and update the hardware asset inventory.": "All configuration rules that allow traffic to flow through network devices should be documented in a configuration management system with a specific business reason for each rule, a specific individual’s name responsible for that business need, and an expected duration of the need.",
"TBD": "TBD"
},
{
"1": "11",
"Inventory and Control of Hardware Assets": "Secure Configuration for Network Devices, such as Firewalls, Routers and Switches",
"Actively manage (inventory, track, and correct) all hardware devices on the network so that only authorized devices are given access, and unauthorized and unmanaged devices are found and prevented from gaining access.": "Establish, implement, and actively manage (track, report on, correct) the security configuration of network infrastructure devices using a rigorous configuration management and change control process in order to prevent attackers from exploiting vulnerable services and settings.",
"1.1": "11.3",
"Utilize an Active Discovery Tool": "Use Automated Tools to Verify Standard Device Configurations and Detect Changes",
"Utilize an active discovery tool to identify devices connected to the organization's network and update the hardware asset inventory.": "Compare all network device configuration against approved security configurations defined for each network device in use and alert when any deviations are discovered.",
"TBD": "TBD"
},
{
"1": "11",
"Inventory and Control of Hardware Assets": "Secure Configuration for Network Devices, such as Firewalls, Routers and Switches",
"Actively manage (inventory, track, and correct) all hardware devices on the network so that only authorized devices are given access, and unauthorized and unmanaged devices are found and prevented from gaining access.": "Establish, implement, and actively manage (track, report on, correct) the security configuration of network infrastructure devices using a rigorous configuration management and change control process in order to prevent attackers from exploiting vulnerable services and settings.",
"1.1": "11.4",
"Utilize an Active Discovery Tool": "Install the Latest Stable Version of Any Security-Related Updates on All Network Devices",
"Utilize an active discovery tool to identify devices connected to the organization's network and update the hardware asset inventory.": "Install the latest stable version of any security-related updates on all network devices.",
"TBD": "TBD"
},
{
"1": "11",
"Inventory and Control of Hardware Assets": "Secure Configuration for Network Devices, such as Firewalls, Routers and Switches",
"Actively manage (inventory, track, and correct) all hardware devices on the network so that only authorized devices are given access, and unauthorized and unmanaged devices are found and prevented from gaining access.": "Establish, implement, and actively manage (track, report on, correct) the security configuration of network infrastructure devices using a rigorous configuration management and change control process in order to prevent attackers from exploiting vulnerable services and settings.",
"1.1": "11.5",
"Utilize an Active Discovery Tool": "Manage Network Devices Using Multi-Factor Authentication and Encrypted Sessions",
"Utilize an active discovery tool to identify devices connected to the organization's network and update the hardware asset inventory.": "Manage all network devices using multi-factor authentication and encrypted sessions.",
"TBD": "TBD"
},
{
"1": "11",
"Inventory and Control of Hardware Assets": "Secure Configuration for Network Devices, such as Firewalls, Routers and Switches",
"Actively manage (inventory, track, and correct) all hardware devices on the network so that only authorized devices are given access, and unauthorized and unmanaged devices are found and prevented from gaining access.": "Establish, implement, and actively manage (track, report on, correct) the security configuration of network infrastructure devices using a rigorous configuration management and change control process in order to prevent attackers from exploiting vulnerable services and settings.",
"1.1": "11.6",
"Utilize an Active Discovery Tool": "Use Dedicated Machines For All Network Administrative Tasks",
"Utilize an active discovery tool to identify devices connected to the organization's network and update the hardware asset inventory.": "Ensure network engineers use a dedicated machine for all administrative tasks or tasks requiring elevated access. This machine shall be segmented from the organization's primary network and not be allowed Internet access. This machine shall not be used for reading e-mail, composing documents, or surfing the Internet.",
"TBD": "TBD"
},
{
"1": "11",
"Inventory and Control of Hardware Assets": "Secure Configuration for Network Devices, such as Firewalls, Routers and Switches",
"Actively manage (inventory, track, and correct) all hardware devices on the network so that only authorized devices are given access, and unauthorized and unmanaged devices are found and prevented from gaining access.": "Establish, implement, and actively manage (track, report on, correct) the security configuration of network infrastructure devices using a rigorous configuration management and change control process in order to prevent attackers from exploiting vulnerable services and settings.",
"1.1": "11.7",
"Utilize an Active Discovery Tool": "Manage Network Infrastructure Through a Dedicated Network",
"Utilize an active discovery tool to identify devices connected to the organization's network and update the hardware asset inventory.": "Manage the network infrastructure across network connections that are separated from the business use of that network, relying on separate VLANs or, preferably, on entirely different physical connectivity for management sessions for network devices.",
"TBD": "TBD"
},
{
"1": "12",
"Inventory and Control of Hardware Assets": "Boundary Defense",
"Actively manage (inventory, track, and correct) all hardware devices on the network so that only authorized devices are given access, and unauthorized and unmanaged devices are found and prevented from gaining access.": "Detect/prevent/correct the flow of information transferring networks of different trust levels with a focus on security-damaging data.",
"1.1": "12.1",
"Utilize an Active Discovery Tool": "Maintain an Inventory of Network Boundaries",
"Utilize an active discovery tool to identify devices connected to the organization's network and update the hardware asset inventory.": "Maintain an up-to-date inventory of all of the organization's network boundaries.",
"TBD": "TBD"
},
{
"1": "12",
"Inventory and Control of Hardware Assets": "Boundary Defense",
"Actively manage (inventory, track, and correct) all hardware devices on the network so that only authorized devices are given access, and unauthorized and unmanaged devices are found and prevented from gaining access.": "Detect/prevent/correct the flow of information transferring networks of different trust levels with a focus on security-damaging data.",
"1.1": "12.2",
"Utilize an Active Discovery Tool": "Scan for Unauthorized Connections across Trusted Network Boundaries",
"Utilize an active discovery tool to identify devices connected to the organization's network and update the hardware asset inventory.": "Perform regular scans from outside each trusted network boundary to detect any unauthorized connections which are accessible across the boundary.",
"TBD": "TBD"
},
{
"1": "12",
"Inventory and Control of Hardware Assets": "Boundary Defense",
"Actively manage (inventory, track, and correct) all hardware devices on the network so that only authorized devices are given access, and unauthorized and unmanaged devices are found and prevented from gaining access.": "Detect/prevent/correct the flow of information transferring networks of different trust levels with a focus on security-damaging data.",
"1.1": "12.3",
"Utilize an Active Discovery Tool": "Deny Communications with Known Malicious IP Addresses",
"Utilize an active discovery tool to identify devices connected to the organization's network and update the hardware asset inventory.": "Deny communications with known malicious or unused Internet IP addresses and limit access only to trusted and necessary IP address ranges at each of the organization's network boundaries.",
"TBD": "TBD"
},
{
"1": "12",
"Inventory and Control of Hardware Assets": "Boundary Defense",
"Actively manage (inventory, track, and correct) all hardware devices on the network so that only authorized devices are given access, and unauthorized and unmanaged devices are found and prevented from gaining access.": "Detect/prevent/correct the flow of information transferring networks of different trust levels with a focus on security-damaging data.",
"1.1": "12.4",
"Utilize an Active Discovery Tool": "Deny Communication over Unauthorized Ports",
"Utilize an active discovery tool to identify devices connected to the organization's network and update the hardware asset inventory.": "Deny communication over unauthorized TCP or UDP ports or application traffic to ensure that only authorized protocols are allowed to cross the network boundary in or out of the network at each of the organization's network boundaries.",
"TBD": "TBD"
},
{
"1": "12",
"Inventory and Control of Hardware Assets": "Boundary Defense",
"Actively manage (inventory, track, and correct) all hardware devices on the network so that only authorized devices are given access, and unauthorized and unmanaged devices are found and prevented from gaining access.": "Detect/prevent/correct the flow of information transferring networks of different trust levels with a focus on security-damaging data.",
"1.1": "12.5",
"Utilize an Active Discovery Tool": "Configure Monitoring Systems to Record Network Packets",
"Utilize an active discovery tool to identify devices connected to the organization's network and update the hardware asset inventory.": "Configure monitoring systems to record network packets passing through the boundary at each of the organization's network boundaries.",
"TBD": "TBD"
},
{
"1": "12",
"Inventory and Control of Hardware Assets": "Boundary Defense",
"Actively manage (inventory, track, and correct) all hardware devices on the network so that only authorized devices are given access, and unauthorized and unmanaged devices are found and prevented from gaining access.": "Detect/prevent/correct the flow of information transferring networks of different trust levels with a focus on security-damaging data.",
"1.1": "12.6",
"Utilize an Active Discovery Tool": "Deploy Network-Based IDS Sensors",
"Utilize an active discovery tool to identify devices connected to the organization's network and update the hardware asset inventory.": "Deploy network-based Intrusion Detection Systems (IDS) sensors to look for unusual attack mechanisms and detect compromise of these systems at each of the organization's network boundaries.",
"TBD": "TBD"
},
{
"1": "12",
"Inventory and Control of Hardware Assets": "Boundary Defense",
"Actively manage (inventory, track, and correct) all hardware devices on the network so that only authorized devices are given access, and unauthorized and unmanaged devices are found and prevented from gaining access.": "Detect/prevent/correct the flow of information transferring networks of different trust levels with a focus on security-damaging data.",
"1.1": "12.7",
"Utilize an Active Discovery Tool": "Deploy Network-Based Intrusion Prevention Systems",
"Utilize an active discovery tool to identify devices connected to the organization's network and update the hardware asset inventory.": "Deploy network-based Intrusion Prevention Systems (IPS) to block malicious network traffic at each of the organization's network boundaries.",
"TBD": "TBD"
},
{
"1": "12",
"Inventory and Control of Hardware Assets": "Boundary Defense",
"Actively manage (inventory, track, and correct) all hardware devices on the network so that only authorized devices are given access, and unauthorized and unmanaged devices are found and prevented from gaining access.": "Detect/prevent/correct the flow of information transferring networks of different trust levels with a focus on security-damaging data.",
"1.1": "12.8",
"Utilize an Active Discovery Tool": "Deploy NetFlow Collection on Networking Boundary Devices",
"Utilize an active discovery tool to identify devices connected to the organization's network and update the hardware asset inventory.": "Enable the collection of NetFlow and logging data on all network boundary devices.",
"TBD": "TBD"
},
{
"1": "12",
"Inventory and Control of Hardware Assets": "Boundary Defense",
"Actively manage (inventory, track, and correct) all hardware devices on the network so that only authorized devices are given access, and unauthorized and unmanaged devices are found and prevented from gaining access.": "Detect/prevent/correct the flow of information transferring networks of different trust levels with a focus on security-damaging data.",
"1.1": "12.9",
"Utilize an Active Discovery Tool": "Deploy Application Layer Filtering Proxy Server",
"Utilize an active discovery tool to identify devices connected to the organization's network and update the hardware asset inventory.": "Ensure that all network traffic to or from the Internet passes through an authenticated application layer proxy that is configured to filter unauthorized connections.",
"TBD": "TBD"
},
{
"1": "12",
"Inventory and Control of Hardware Assets": "Boundary Defense",
"Actively manage (inventory, track, and correct) all hardware devices on the network so that only authorized devices are given access, and unauthorized and unmanaged devices are found and prevented from gaining access.": "Detect/prevent/correct the flow of information transferring networks of different trust levels with a focus on security-damaging data.",
"1.1": "12.10",
"Utilize an Active Discovery Tool": "Decrypt Network Traffic at Proxy",
"Utilize an active discovery tool to identify devices connected to the organization's network and update the hardware asset inventory.": "Decrypt all encrypted network traffic at the boundary proxy prior to analyzing the content. However, the organization may use whitelists of allowed sites that can be accessed through the proxy without decrypting the traffic.",
"TBD": "TBD"
},
{
"1": "12",
"Inventory and Control of Hardware Assets": "Boundary Defense",
"Actively manage (inventory, track, and correct) all hardware devices on the network so that only authorized devices are given access, and unauthorized and unmanaged devices are found and prevented from gaining access.": "Detect/prevent/correct the flow of information transferring networks of different trust levels with a focus on security-damaging data.",
"1.1": "12.11",
"Utilize an Active Discovery Tool": "Require All Remote Login to Use Multi-Factor Authentication",
"Utilize an active discovery tool to identify devices connected to the organization's network and update the hardware asset inventory.": "Require all remote login access to the organization's network to encrypt data in transit and use multi-factor authentication.",
"TBD": "TBD"
},
{
"1": "12",
"Inventory and Control of Hardware Assets": "Boundary Defense",
"Actively manage (inventory, track, and correct) all hardware devices on the network so that only authorized devices are given access, and unauthorized and unmanaged devices are found and prevented from gaining access.": "Detect/prevent/correct the flow of information transferring networks of different trust levels with a focus on security-damaging data.",
"1.1": "12.12",
"Utilize an Active Discovery Tool": "Manage All Devices Remotely Logging into Internal Network",
"Utilize an active discovery tool to identify devices connected to the organization's network and update the hardware asset inventory.": "Scan all enterprise devices remotely logging into the organization's network prior to accessing the network to ensure that each of the organization's security policies has been enforced in the same manner as local network devices.",
"TBD": "TBD"
},
{
"1": "13",
"Inventory and Control of Hardware Assets": "Data Protection",
"Actively manage (inventory, track, and correct) all hardware devices on the network so that only authorized devices are given access, and unauthorized and unmanaged devices are found and prevented from gaining access.": "The processes and tools used to prevent data exfiltration, mitigate the effects of exfiltrated data, and ensure the privacy and integrity of sensitive information.",
"1.1": "13.1",
"Utilize an Active Discovery Tool": "Maintain an Inventory of Sensitive Information",
"Utilize an active discovery tool to identify devices connected to the organization's network and update the hardware asset inventory.": "Maintain an inventory of all sensitive information stored, processed, or transmitted by the organization's technology systems, including those located on-site or at a remote service provider.",
"TBD": "TBD"
},
{
"1": "13",
"Inventory and Control of Hardware Assets": "Data Protection",
"Actively manage (inventory, track, and correct) all hardware devices on the network so that only authorized devices are given access, and unauthorized and unmanaged devices are found and prevented from gaining access.": "The processes and tools used to prevent data exfiltration, mitigate the effects of exfiltrated data, and ensure the privacy and integrity of sensitive information.",
"1.1": "13.2",
"Utilize an Active Discovery Tool": "Remove Sensitive Data or Systems Not Regularly Accessed by Organization",
"Utilize an active discovery tool to identify devices connected to the organization's network and update the hardware asset inventory.": "Remove sensitive data or systems not regularly accessed by the organization from the network. These systems shall only be used as stand alone systems (disconnected from the network) by the business unit needing to occasionally use the system or completely virtualized and powered off until needed.",
"TBD": "TBD"
},
{
"1": "13",
"Inventory and Control of Hardware Assets": "Data Protection",
"Actively manage (inventory, track, and correct) all hardware devices on the network so that only authorized devices are given access, and unauthorized and unmanaged devices are found and prevented from gaining access.": "The processes and tools used to prevent data exfiltration, mitigate the effects of exfiltrated data, and ensure the privacy and integrity of sensitive information.",
"1.1": "13.3",
"Utilize an Active Discovery Tool": "Monitor and Block Unauthorized Network Traffic",
"Utilize an active discovery tool to identify devices connected to the organization's network and update the hardware asset inventory.": "Deploy an automated tool on network perimeters that monitors for unauthorized transfer of sensitive information and blocks such transfers while alerting information security professionals.",
"TBD": "TBD"
},
{
"1": "13",
"Inventory and Control of Hardware Assets": "Data Protection",
"Actively manage (inventory, track, and correct) all hardware devices on the network so that only authorized devices are given access, and unauthorized and unmanaged devices are found and prevented from gaining access.": "The processes and tools used to prevent data exfiltration, mitigate the effects of exfiltrated data, and ensure the privacy and integrity of sensitive information.",
"1.1": "13.4",
"Utilize an Active Discovery Tool": "Only Allow Access to Authorized Cloud Storage or Email Providers",
"Utilize an active discovery tool to identify devices connected to the organization's network and update the hardware asset inventory.": "Only allow access to authorized cloud storage or email providers.",
"TBD": "TBD"
},
{
"1": "13",
"Inventory and Control of Hardware Assets": "Data Protection",
"Actively manage (inventory, track, and correct) all hardware devices on the network so that only authorized devices are given access, and unauthorized and unmanaged devices are found and prevented from gaining access.": "The processes and tools used to prevent data exfiltration, mitigate the effects of exfiltrated data, and ensure the privacy and integrity of sensitive information.",
"1.1": "13.5",
"Utilize an Active Discovery Tool": "Monitor and Detect Any Unauthorized Use of Encryption",
"Utilize an active discovery tool to identify devices connected to the organization's network and update the hardware asset inventory.": "Monitor all traffic leaving the organization and detect any unauthorized use of encryption.",
"TBD": "TBD"
},
{
"1": "13",
"Inventory and Control of Hardware Assets": "Data Protection",
"Actively manage (inventory, track, and correct) all hardware devices on the network so that only authorized devices are given access, and unauthorized and unmanaged devices are found and prevented from gaining access.": "The processes and tools used to prevent data exfiltration, mitigate the effects of exfiltrated data, and ensure the privacy and integrity of sensitive information.",
"1.1": "13.6",
"Utilize an Active Discovery Tool": "Encrypt the Hard Drive of All Mobile Devices.",
"Utilize an active discovery tool to identify devices connected to the organization's network and update the hardware asset inventory.": "Utilize approved whole disk encryption software to encrypt the hard drive of all mobile devices.",
"TBD": "TBD"
},
{
"1": "13",
"Inventory and Control of Hardware Assets": "Data Protection",
"Actively manage (inventory, track, and correct) all hardware devices on the network so that only authorized devices are given access, and unauthorized and unmanaged devices are found and prevented from gaining access.": "The processes and tools used to prevent data exfiltration, mitigate the effects of exfiltrated data, and ensure the privacy and integrity of sensitive information.",
"1.1": "13.7",
"Utilize an Active Discovery Tool": "Manage USB Devices",
"Utilize an active discovery tool to identify devices connected to the organization's network and update the hardware asset inventory.": "If USB storage devices are required, enterprise software should be used that can configure systems to allow the use of specific devices. An inventory of such devices should be maintained.",
"TBD": "TBD"
},
{
"1": "13",
"Inventory and Control of Hardware Assets": "Data Protection",
"Actively manage (inventory, track, and correct) all hardware devices on the network so that only authorized devices are given access, and unauthorized and unmanaged devices are found and prevented from gaining access.": "The processes and tools used to prevent data exfiltration, mitigate the effects of exfiltrated data, and ensure the privacy and integrity of sensitive information.",
"1.1": "13.8",
"Utilize an Active Discovery Tool": "Manage System's External Removable Media's Read/Write Configurations",
"Utilize an active discovery tool to identify devices connected to the organization's network and update the hardware asset inventory.": "Configure systems not to write data to external removable media, if there is no business need for supporting such devices.",
"TBD": "TBD"
},
{
"1": "13",
"Inventory and Control of Hardware Assets": "Data Protection",
"Actively manage (inventory, track, and correct) all hardware devices on the network so that only authorized devices are given access, and unauthorized and unmanaged devices are found and prevented from gaining access.": "The processes and tools used to prevent data exfiltration, mitigate the effects of exfiltrated data, and ensure the privacy and integrity of sensitive information.",
"1.1": "13.9",
"Utilize an Active Discovery Tool": "Encrypt Data on USB Storage Devices",
"Utilize an active discovery tool to identify devices connected to the organization's network and update the hardware asset inventory.": "If USB storage devices are required, all data stored on such devices must be encrypted while at rest.",
"TBD": "TBD"
},
{
"1": "14",
"Inventory and Control of Hardware Assets": "Controlled Access Based on the Need to Know",
"Actively manage (inventory, track, and correct) all hardware devices on the network so that only authorized devices are given access, and unauthorized and unmanaged devices are found and prevented from gaining access.": "The processes and tools used to track/control/prevent/correct secure access to critical assets (e.g., information, resources, systems) according to the formal determination of which persons, computers, and applications have a need and right to access these critical assets based on an approved classification.",
"1.1": "14.1",
"Utilize an Active Discovery Tool": "Segment the Network Based on Sensitivity",
"Utilize an active discovery tool to identify devices connected to the organization's network and update the hardware asset inventory.": "Segment the network based on the label or classification level of the information stored on the servers; locate all sensitive information on separated Virtual Local Area Networks (VLANs).",
"TBD": "TBD"
},
{
"1": "14",
"Inventory and Control of Hardware Assets": "Controlled Access Based on the Need to Know",
"Actively manage (inventory, track, and correct) all hardware devices on the network so that only authorized devices are given access, and unauthorized and unmanaged devices are found and prevented from gaining access.": "The processes and tools used to track/control/prevent/correct secure access to critical assets (e.g., information, resources, systems) according to the formal determination of which persons, computers, and applications have a need and right to access these critical assets based on an approved classification.",
"1.1": "14.2",
"Utilize an Active Discovery Tool": "Enable Firewall Filtering Between VLANs",
"Utilize an active discovery tool to identify devices connected to the organization's network and update the hardware asset inventory.": "Enable firewall filtering between VLANs to ensure that only authorized systems are able to communicate with other systems necessary to fulfill their specific responsibilities.",
"TBD": "TBD"
},
{
"1": "14",
"Inventory and Control of Hardware Assets": "Controlled Access Based on the Need to Know",
"Actively manage (inventory, track, and correct) all hardware devices on the network so that only authorized devices are given access, and unauthorized and unmanaged devices are found and prevented from gaining access.": "The processes and tools used to track/control/prevent/correct secure access to critical assets (e.g., information, resources, systems) according to the formal determination of which persons, computers, and applications have a need and right to access these critical assets based on an approved classification.",
"1.1": "14.3",
"Utilize an Active Discovery Tool": "Disable Workstation to Workstation Communication",
"Utilize an active discovery tool to identify devices connected to the organization's network and update the hardware asset inventory.": "Disable all workstation to workstation communication to limit an attacker's ability to move laterally and compromise neighboring systems, through technologies such as Private VLANs or micro segmentation.",
"TBD": "TBD"
},
{
"1": "14",
"Inventory and Control of Hardware Assets": "Controlled Access Based on the Need to Know",
"Actively manage (inventory, track, and correct) all hardware devices on the network so that only authorized devices are given access, and unauthorized and unmanaged devices are found and prevented from gaining access.": "The processes and tools used to track/control/prevent/correct secure access to critical assets (e.g., information, resources, systems) according to the formal determination of which persons, computers, and applications have a need and right to access these critical assets based on an approved classification.",
"1.1": "14.4",
"Utilize an Active Discovery Tool": "Encrypt All Sensitive Information in Transit",
"Utilize an active discovery tool to identify devices connected to the organization's network and update the hardware asset inventory.": "Encrypt all sensitive information in transit.",
"TBD": "TBD"
},
{
"1": "14",
"Inventory and Control of Hardware Assets": "Controlled Access Based on the Need to Know",
"Actively manage (inventory, track, and correct) all hardware devices on the network so that only authorized devices are given access, and unauthorized and unmanaged devices are found and prevented from gaining access.": "The processes and tools used to track/control/prevent/correct secure access to critical assets (e.g., information, resources, systems) according to the formal determination of which persons, computers, and applications have a need and right to access these critical assets based on an approved classification.",
"1.1": "14.5",
"Utilize an Active Discovery Tool": "Utilize an Active Discovery Tool to Identify Sensitive Data",
"Utilize an active discovery tool to identify devices connected to the organization's network and update the hardware asset inventory.": "Utilize an active discovery tool to identify all sensitive information stored, processed, or transmitted by the organization's technology systems, including those located on-site or at a remote service provider, and update the organization's sensitive information inventory.",
"TBD": "TBD"
},
{
"1": "14",
"Inventory and Control of Hardware Assets": "Controlled Access Based on the Need to Know",
"Actively manage (inventory, track, and correct) all hardware devices on the network so that only authorized devices are given access, and unauthorized and unmanaged devices are found and prevented from gaining access.": "The processes and tools used to track/control/prevent/correct secure access to critical assets (e.g., information, resources, systems) according to the formal determination of which persons, computers, and applications have a need and right to access these critical assets based on an approved classification.",
"1.1": "14.6",
"Utilize an Active Discovery Tool": "Protect Information through Access Control Lists",
"Utilize an active discovery tool to identify devices connected to the organization's network and update the hardware asset inventory.": "Protect all information stored on systems with file system, network share, claims, application, or database specific access control lists. These controls will enforce the principle that only authorized individuals should have access to the information based on their need to access the information as a part of their responsibilities.",
"TBD": "TBD"
},
{
"1": "14",
"Inventory and Control of Hardware Assets": "Controlled Access Based on the Need to Know",
"Actively manage (inventory, track, and correct) all hardware devices on the network so that only authorized devices are given access, and unauthorized and unmanaged devices are found and prevented from gaining access.": "The processes and tools used to track/control/prevent/correct secure access to critical assets (e.g., information, resources, systems) according to the formal determination of which persons, computers, and applications have a need and right to access these critical assets based on an approved classification.",
"1.1": "14.7",
"Utilize an Active Discovery Tool": "Enforce Access Control to Data through Automated Tools",
"Utilize an active discovery tool to identify devices connected to the organization's network and update the hardware asset inventory.": "Use an automated tool, such as host-based Data Loss Prevention, to enforce access controls to data even when data is copied off a system.",
"TBD": "TBD"
},
{
"1": "14",
"Inventory and Control of Hardware Assets": "Controlled Access Based on the Need to Know",
"Actively manage (inventory, track, and correct) all hardware devices on the network so that only authorized devices are given access, and unauthorized and unmanaged devices are found and prevented from gaining access.": "The processes and tools used to track/control/prevent/correct secure access to critical assets (e.g., information, resources, systems) according to the formal determination of which persons, computers, and applications have a need and right to access these critical assets based on an approved classification.",
"1.1": "14.8",
"Utilize an Active Discovery Tool": "Encrypt Sensitive Information at Rest",
"Utilize an active discovery tool to identify devices connected to the organization's network and update the hardware asset inventory.": "Encrypt all sensitive information at rest using a tool that requires a secondary authentication mechanism not integrated into the operating system, in order to access the information.",
"TBD": "TBD"
},
{
"1": "14",
"Inventory and Control of Hardware Assets": "Controlled Access Based on the Need to Know",
"Actively manage (inventory, track, and correct) all hardware devices on the network so that only authorized devices are given access, and unauthorized and unmanaged devices are found and prevented from gaining access.": "The processes and tools used to track/control/prevent/correct secure access to critical assets (e.g., information, resources, systems) according to the formal determination of which persons, computers, and applications have a need and right to access these critical assets based on an approved classification.",
"1.1": "14.9",
"Utilize an Active Discovery Tool": "Enforce Detail Logging for Access or Changes to Sensitive Data",
"Utilize an active discovery tool to identify devices connected to the organization's network and update the hardware asset inventory.": "Enforce detailed audit logging for access to sensitive data or changes to sensitive data (utilizing tools such as File Integrity Monitoring or Security Information and Event Monitoring).",
"TBD": "TBD"
},
{
"1": "15",
"Inventory and Control of Hardware Assets": "Wireless Access Control",
"Actively manage (inventory, track, and correct) all hardware devices on the network so that only authorized devices are given access, and unauthorized and unmanaged devices are found and prevented from gaining access.": "The processes and tools used to track/control/prevent/correct the security use of wireless local area networks (WLANs), access points, and wireless client systems.",
"1.1": "15.1",
"Utilize an Active Discovery Tool": "Maintain an Inventory of Authorized Wireless Access Points",
"Utilize an active discovery tool to identify devices connected to the organization's network and update the hardware asset inventory.": "Maintain an inventory of authorized wireless access points connected to the wired network.",
"TBD": "TBD"
},
{
"1": "15",
"Inventory and Control of Hardware Assets": "Wireless Access Control",
"Actively manage (inventory, track, and correct) all hardware devices on the network so that only authorized devices are given access, and unauthorized and unmanaged devices are found and prevented from gaining access.": "The processes and tools used to track/control/prevent/correct the security use of wireless local area networks (WLANs), access points, and wireless client systems.",
"1.1": "15.2",
"Utilize an Active Discovery Tool": "Detect Wireless Access Points Connected to the Wired Network",
"Utilize an active discovery tool to identify devices connected to the organization's network and update the hardware asset inventory.": "Configure network vulnerability scanning tools to detect and alert on unauthorized wireless access points connected to the wired network.",
"TBD": "TBD"
},
{
"1": "15",
"Inventory and Control of Hardware Assets": "Wireless Access Control",
"Actively manage (inventory, track, and correct) all hardware devices on the network so that only authorized devices are given access, and unauthorized and unmanaged devices are found and prevented from gaining access.": "The processes and tools used to track/control/prevent/correct the security use of wireless local area networks (WLANs), access points, and wireless client systems.",
"1.1": "15.3",
"Utilize an Active Discovery Tool": "Use a Wireless Intrusion Detection System",
"Utilize an active discovery tool to identify devices connected to the organization's network and update the hardware asset inventory.": "Use a wireless intrusion detection system (WIDS) to detect and alert on unauthorized wireless access points connected to the network.",
"TBD": "TBD"
},
{
"1": "15",
"Inventory and Control of Hardware Assets": "Wireless Access Control",
"Actively manage (inventory, track, and correct) all hardware devices on the network so that only authorized devices are given access, and unauthorized and unmanaged devices are found and prevented from gaining access.": "The processes and tools used to track/control/prevent/correct the security use of wireless local area networks (WLANs), access points, and wireless client systems.",
"1.1": "15.4",
"Utilize an Active Discovery Tool": "Disable Wireless Access on Devices if Not Required",
"Utilize an active discovery tool to identify devices connected to the organization's network and update the hardware asset inventory.": "Disable wireless access on devices that do not have a business purpose for wireless access.",
"TBD": "TBD"
},
{
"1": "15",
"Inventory and Control of Hardware Assets": "Wireless Access Control",
"Actively manage (inventory, track, and correct) all hardware devices on the network so that only authorized devices are given access, and unauthorized and unmanaged devices are found and prevented from gaining access.": "The processes and tools used to track/control/prevent/correct the security use of wireless local area networks (WLANs), access points, and wireless client systems.",
"1.1": "15.5",
"Utilize an Active Discovery Tool": "Limit Wireless Access on Client Devices",
"Utilize an active discovery tool to identify devices connected to the organization's network and update the hardware asset inventory.": "Configure wireless access on client machines that do have an essential wireless business purpose, to allow access only to authorized wireless networks and to restrict access to other wireless networks.",
"TBD": "TBD"
},
{
"1": "15",
"Inventory and Control of Hardware Assets": "Wireless Access Control",
"Actively manage (inventory, track, and correct) all hardware devices on the network so that only authorized devices are given access, and unauthorized and unmanaged devices are found and prevented from gaining access.": "The processes and tools used to track/control/prevent/correct the security use of wireless local area networks (WLANs), access points, and wireless client systems.",
"1.1": "15.6",
"Utilize an Active Discovery Tool": "Disable Peer-to-Peer Wireless Network Capabilities on Wireless Clients",
"Utilize an active discovery tool to identify devices connected to the organization's network and update the hardware asset inventory.": "Disable peer-to-peer (ad hoc) wireless network capabilities on wireless clients.",
"TBD": "TBD"
},
{
"1": "15",
"Inventory and Control of Hardware Assets": "Wireless Access Control",
"Actively manage (inventory, track, and correct) all hardware devices on the network so that only authorized devices are given access, and unauthorized and unmanaged devices are found and prevented from gaining access.": "The processes and tools used to track/control/prevent/correct the security use of wireless local area networks (WLANs), access points, and wireless client systems.",
"1.1": "15.7",
"Utilize an Active Discovery Tool": "Leverage the Advanced Encryption Standard (AES) to Encrypt Wireless Data",
"Utilize an active discovery tool to identify devices connected to the organization's network and update the hardware asset inventory.": "Leverage the Advanced Encryption Standard (AES) to encrypt wireless data in transit.",
"TBD": "TBD"
},
{
"1": "15",
"Inventory and Control of Hardware Assets": "Wireless Access Control",
"Actively manage (inventory, track, and correct) all hardware devices on the network so that only authorized devices are given access, and unauthorized and unmanaged devices are found and prevented from gaining access.": "The processes and tools used to track/control/prevent/correct the security use of wireless local area networks (WLANs), access points, and wireless client systems.",
"1.1": "15.8",
"Utilize an Active Discovery Tool": "Use Wireless Authentication Protocols that Require Mutual, Multi-Factor Authentication",
"Utilize an active discovery tool to identify devices connected to the organization's network and update the hardware asset inventory.": "Ensure that wireless networks use authentication protocols such as Extensible Authentication Protocol-Transport Layer Security (EAP/TLS), which requires mutual, multi-factor authentication.",
"TBD": "TBD"
},
{
"1": "15",
"Inventory and Control of Hardware Assets": "Wireless Access Control",
"Actively manage (inventory, track, and correct) all hardware devices on the network so that only authorized devices are given access, and unauthorized and unmanaged devices are found and prevented from gaining access.": "The processes and tools used to track/control/prevent/correct the security use of wireless local area networks (WLANs), access points, and wireless client systems.",
"1.1": "15.9",
"Utilize an Active Discovery Tool": "Disable Wireless Peripheral Access of Devices",
"Utilize an active discovery tool to identify devices connected to the organization's network and update the hardware asset inventory.": "Disable wireless peripheral access of devices (such as Bluetooth and NFC), unless such access is required for a business purpose.",
"TBD": "TBD"
},
{
"1": "15",
"Inventory and Control of Hardware Assets": "Wireless Access Control",
"Actively manage (inventory, track, and correct) all hardware devices on the network so that only authorized devices are given access, and unauthorized and unmanaged devices are found and prevented from gaining access.": "The processes and tools used to track/control/prevent/correct the security use of wireless local area networks (WLANs), access points, and wireless client systems.",
"1.1": "15.10",
"Utilize an Active Discovery Tool": "Create Separate Wireless Network for Personal and Untrusted Devices",
"Utilize an active discovery tool to identify devices connected to the organization's network and update the hardware asset inventory.": "Create a separate wireless network for personal or untrusted devices. Enterprise access from this network should be treated as untrusted and filtered and audited accordingly.",
"TBD": "TBD"
},
{
"1": "16",
"Inventory and Control of Hardware Assets": "Account Monitoring and Control",
"Actively manage (inventory, track, and correct) all hardware devices on the network so that only authorized devices are given access, and unauthorized and unmanaged devices are found and prevented from gaining access.": "Actively manage the life cycle of system and application accounts - their creation, use, dormancy, deletion - in order to minimize opportunities for attackers to leverage them.",
"1.1": "16.1",
"Utilize an Active Discovery Tool": "Maintain an Inventory of Authentication Systems",
"Utilize an active discovery tool to identify devices connected to the organization's network and update the hardware asset inventory.": "Maintain an inventory of each of the organization's authentication systems, including those located on-site or at a remote service provider.",
"TBD": "TBD"
},
{
"1": "16",
"Inventory and Control of Hardware Assets": "Account Monitoring and Control",
"Actively manage (inventory, track, and correct) all hardware devices on the network so that only authorized devices are given access, and unauthorized and unmanaged devices are found and prevented from gaining access.": "Actively manage the life cycle of system and application accounts - their creation, use, dormancy, deletion - in order to minimize opportunities for attackers to leverage them.",
"1.1": "16.2",
"Utilize an Active Discovery Tool": "Configure Centralized Point of Authentication",
"Utilize an active discovery tool to identify devices connected to the organization's network and update the hardware asset inventory.": "Configure access for all accounts through as few centralized points of authentication as possible, including network, security, and cloud systems.",
"TBD": "TBD"
},
{
"1": "16",
"Inventory and Control of Hardware Assets": "Account Monitoring and Control",
"Actively manage (inventory, track, and correct) all hardware devices on the network so that only authorized devices are given access, and unauthorized and unmanaged devices are found and prevented from gaining access.": "Actively manage the life cycle of system and application accounts - their creation, use, dormancy, deletion - in order to minimize opportunities for attackers to leverage them.",
"1.1": "16.3",
"Utilize an Active Discovery Tool": "Require Multi-Factor Authentication",
"Utilize an active discovery tool to identify devices connected to the organization's network and update the hardware asset inventory.": "Require multi-factor authentication for all user accounts, on all systems, whether managed on-site or by a third-party provider.",
"TBD": "TBD"
},
{
"1": "16",
"Inventory and Control of Hardware Assets": "Account Monitoring and Control",
"Actively manage (inventory, track, and correct) all hardware devices on the network so that only authorized devices are given access, and unauthorized and unmanaged devices are found and prevented from gaining access.": "Actively manage the life cycle of system and application accounts - their creation, use, dormancy, deletion - in order to minimize opportunities for attackers to leverage them.",
"1.1": "16.4",
"Utilize an Active Discovery Tool": "Encrypt or Hash all Authentication Credentials",
"Utilize an active discovery tool to identify devices connected to the organization's network and update the hardware asset inventory.": "Encrypt or hash with a salt all authentication credentials when stored.",
"TBD": "TBD"
},
{
"1": "16",
"Inventory and Control of Hardware Assets": "Account Monitoring and Control",
"Actively manage (inventory, track, and correct) all hardware devices on the network so that only authorized devices are given access, and unauthorized and unmanaged devices are found and prevented from gaining access.": "Actively manage the life cycle of system and application accounts - their creation, use, dormancy, deletion - in order to minimize opportunities for attackers to leverage them.",
"1.1": "16.5",
"Utilize an Active Discovery Tool": "Encrypt Transmittal of Username and Authentication Credentials",
"Utilize an active discovery tool to identify devices connected to the organization's network and update the hardware asset inventory.": "Ensure that all account usernames and authentication credentials are transmitted across networks using encrypted channels.",
"TBD": "TBD"
},
{
"1": "16",
"Inventory and Control of Hardware Assets": "Account Monitoring and Control",
"Actively manage (inventory, track, and correct) all hardware devices on the network so that only authorized devices are given access, and unauthorized and unmanaged devices are found and prevented from gaining access.": "Actively manage the life cycle of system and application accounts - their creation, use, dormancy, deletion - in order to minimize opportunities for attackers to leverage them.",
"1.1": "16.6",
"Utilize an Active Discovery Tool": "Maintain an Inventory of Accounts",
"Utilize an active discovery tool to identify devices connected to the organization's network and update the hardware asset inventory.": "Maintain an inventory of all accounts organized by authentication system.",
"TBD": "TBD"
},
{
"1": "16",
"Inventory and Control of Hardware Assets": "Account Monitoring and Control",
"Actively manage (inventory, track, and correct) all hardware devices on the network so that only authorized devices are given access, and unauthorized and unmanaged devices are found and prevented from gaining access.": "Actively manage the life cycle of system and application accounts - their creation, use, dormancy, deletion - in order to minimize opportunities for attackers to leverage them.",
"1.1": "16.7",
"Utilize an Active Discovery Tool": "Establish Process for Revoking Access",
"Utilize an active discovery tool to identify devices connected to the organization's network and update the hardware asset inventory.": "Establish and follow an automated process for revoking system access by disabling accounts immediately upon termination or change of responsibilities of an employee or contractor. Disabling these accounts, instead of deleting accounts, allows preservation of audit trails.",
"TBD": "TBD"
},
{
"1": "16",
"Inventory and Control of Hardware Assets": "Account Monitoring and Control",
"Actively manage (inventory, track, and correct) all hardware devices on the network so that only authorized devices are given access, and unauthorized and unmanaged devices are found and prevented from gaining access.": "Actively manage the life cycle of system and application accounts - their creation, use, dormancy, deletion - in order to minimize opportunities for attackers to leverage them.",
"1.1": "16.8",
"Utilize an Active Discovery Tool": "Disable Any Unassociated Accounts",
"Utilize an active discovery tool to identify devices connected to the organization's network and update the hardware asset inventory.": "Disable any account that cannot be associated with a business process or business owner.",
"TBD": "TBD"
},
{
"1": "16",
"Inventory and Control of Hardware Assets": "Account Monitoring and Control",
"Actively manage (inventory, track, and correct) all hardware devices on the network so that only authorized devices are given access, and unauthorized and unmanaged devices are found and prevented from gaining access.": "Actively manage the life cycle of system and application accounts - their creation, use, dormancy, deletion - in order to minimize opportunities for attackers to leverage them.",
"1.1": "16.9",
"Utilize an Active Discovery Tool": "Disable Dormant Accounts",
"Utilize an active discovery tool to identify devices connected to the organization's network and update the hardware asset inventory.": "Automatically disable dormant accounts after a set period of inactivity.",
"TBD": "TBD"
},
{
"1": "16",
"Inventory and Control of Hardware Assets": "Account Monitoring and Control",
"Actively manage (inventory, track, and correct) all hardware devices on the network so that only authorized devices are given access, and unauthorized and unmanaged devices are found and prevented from gaining access.": "Actively manage the life cycle of system and application accounts - their creation, use, dormancy, deletion - in order to minimize opportunities for attackers to leverage them.",
"1.1": "16.10",
"Utilize an Active Discovery Tool": "Ensure All Accounts Have An Expiration Date",
"Utilize an active discovery tool to identify devices connected to the organization's network and update the hardware asset inventory.": "Ensure that all accounts have an expiration date that is monitored and enforced.",
"TBD": "TBD"
},
{
"1": "16",
"Inventory and Control of Hardware Assets": "Account Monitoring and Control",
"Actively manage (inventory, track, and correct) all hardware devices on the network so that only authorized devices are given access, and unauthorized and unmanaged devices are found and prevented from gaining access.": "Actively manage the life cycle of system and application accounts - their creation, use, dormancy, deletion - in order to minimize opportunities for attackers to leverage them.",
"1.1": "16.11",
"Utilize an Active Discovery Tool": "Lock Workstation Sessions After Inactivity",
"Utilize an active discovery tool to identify devices connected to the organization's network and update the hardware asset inventory.": "Automatically lock workstation sessions after a standard period of inactivity.",
"TBD": "TBD"
},
{
"1": "16",
"Inventory and Control of Hardware Assets": "Account Monitoring and Control",
"Actively manage (inventory, track, and correct) all hardware devices on the network so that only authorized devices are given access, and unauthorized and unmanaged devices are found and prevented from gaining access.": "Actively manage the life cycle of system and application accounts - their creation, use, dormancy, deletion - in order to minimize opportunities for attackers to leverage them.",
"1.1": "16.12",
"Utilize an Active Discovery Tool": "Monitor Attempts to Access Deactivated Accounts",
"Utilize an active discovery tool to identify devices connected to the organization's network and update the hardware asset inventory.": "Monitor attempts to access deactivated accounts through audit logging.",
"TBD": "TBD"
},
{
"1": "16",
"Inventory and Control of Hardware Assets": "Account Monitoring and Control",
"Actively manage (inventory, track, and correct) all hardware devices on the network so that only authorized devices are given access, and unauthorized and unmanaged devices are found and prevented from gaining access.": "Actively manage the life cycle of system and application accounts - their creation, use, dormancy, deletion - in order to minimize opportunities for attackers to leverage them.",
"1.1": "16.13",
"Utilize an Active Discovery Tool": "Alert on Account Login Behavior Deviation",
"Utilize an active discovery tool to identify devices connected to the organization's network and update the hardware asset inventory.": "Alert when users deviate from normal login behavior, such as time-of-day, workstation location and duration.",
"TBD": "TBD"
},
{
"1": "17",
"Inventory and Control of Hardware Assets": "Implement a Security Awareness and Training Program",
"Actively manage (inventory, track, and correct) all hardware devices on the network so that only authorized devices are given access, and unauthorized and unmanaged devices are found and prevented from gaining access.": "For all functional roles in the organization (prioritizing those mission-critical to the business and its security), identify the specific knowledge, skills and abilities needed to support defense of the enterprise; develop and execute an integrated plan to assess, identify gaps, and remediate through policy, organizational planning, training, and awareness programs.",
"1.1": "17.1",
"Utilize an Active Discovery Tool": "Perform a Skills Gap Analysis",
"Utilize an active discovery tool to identify devices connected to the organization's network and update the hardware asset inventory.": "Perform a skills gap analysis to understand the skills and behaviors workforce members are not adhering to, using this information to build a baseline education roadmap.",
"TBD": "TBD"
},
{
"1": "17",
"Inventory and Control of Hardware Assets": "Implement a Security Awareness and Training Program",
"Actively manage (inventory, track, and correct) all hardware devices on the network so that only authorized devices are given access, and unauthorized and unmanaged devices are found and prevented from gaining access.": "For all functional roles in the organization (prioritizing those mission-critical to the business and its security), identify the specific knowledge, skills and abilities needed to support defense of the enterprise; develop and execute an integrated plan to assess, identify gaps, and remediate through policy, organizational planning, training, and awareness programs.",
"1.1": "17.2",
"Utilize an Active Discovery Tool": "Deliver Training to Fill the Skills Gap",
"Utilize an active discovery tool to identify devices connected to the organization's network and update the hardware asset inventory.": "Deliver training to address the skills gap identified to positively impact workforce members' security behavior.",
"TBD": "TBD"
},
{
"1": "17",
"Inventory and Control of Hardware Assets": "Implement a Security Awareness and Training Program",
"Actively manage (inventory, track, and correct) all hardware devices on the network so that only authorized devices are given access, and unauthorized and unmanaged devices are found and prevented from gaining access.": "For all functional roles in the organization (prioritizing those mission-critical to the business and its security), identify the specific knowledge, skills and abilities needed to support defense of the enterprise; develop and execute an integrated plan to assess, identify gaps, and remediate through policy, organizational planning, training, and awareness programs.",
"1.1": "17.3",
"Utilize an Active Discovery Tool": "Implement a Security Awareness Program",
"Utilize an active discovery tool to identify devices connected to the organization's network and update the hardware asset inventory.": "Create a security awareness program for all workforce members to complete on a regular basis to ensure they understand and exhibit the necessary behaviors and skills to help ensure the security of the organization. The organization's security awareness program should be communicated in a continuous and engaging manner.",
"TBD": "TBD"
},
{
"1": "17",
"Inventory and Control of Hardware Assets": "Implement a Security Awareness and Training Program",
"Actively manage (inventory, track, and correct) all hardware devices on the network so that only authorized devices are given access, and unauthorized and unmanaged devices are found and prevented from gaining access.": "For all functional roles in the organization (prioritizing those mission-critical to the business and its security), identify the specific knowledge, skills and abilities needed to support defense of the enterprise; develop and execute an integrated plan to assess, identify gaps, and remediate through policy, organizational planning, training, and awareness programs.",
"1.1": "17.4",
"Utilize an Active Discovery Tool": "Update Awareness Content Frequently",
"Utilize an active discovery tool to identify devices connected to the organization's network and update the hardware asset inventory.": "Ensure that the organization's security awareness program is updated frequently (at least annually) to address new technologies, threats, standards and business requirements.",
"TBD": "TBD"
},
{
"1": "17",
"Inventory and Control of Hardware Assets": "Implement a Security Awareness and Training Program",
"Actively manage (inventory, track, and correct) all hardware devices on the network so that only authorized devices are given access, and unauthorized and unmanaged devices are found and prevented from gaining access.": "For all functional roles in the organization (prioritizing those mission-critical to the business and its security), identify the specific knowledge, skills and abilities needed to support defense of the enterprise; develop and execute an integrated plan to assess, identify gaps, and remediate through policy, organizational planning, training, and awareness programs.",
"1.1": "17.5",
"Utilize an Active Discovery Tool": "Train Workforce on Secure Authentication",
"Utilize an active discovery tool to identify devices connected to the organization's network and update the hardware asset inventory.": "Train workforce members on the importance of enabling and utilizing secure authentication.",
"TBD": "TBD"
},
{
"1": "17",
"Inventory and Control of Hardware Assets": "Implement a Security Awareness and Training Program",
"Actively manage (inventory, track, and correct) all hardware devices on the network so that only authorized devices are given access, and unauthorized and unmanaged devices are found and prevented from gaining access.": "For all functional roles in the organization (prioritizing those mission-critical to the business and its security), identify the specific knowledge, skills and abilities needed to support defense of the enterprise; develop and execute an integrated plan to assess, identify gaps, and remediate through policy, organizational planning, training, and awareness programs.",
"1.1": "17.6",
"Utilize an Active Discovery Tool": "Train Workforce on Identifying Social Engineering Attacks",
"Utilize an active discovery tool to identify devices connected to the organization's network and update the hardware asset inventory.": "Train the workforce on how to identify different forms of social engineering attacks, such as phishing, phone scams and impersonation calls.",
"TBD": "TBD"
},
{
"1": "17",
"Inventory and Control of Hardware Assets": "Implement a Security Awareness and Training Program",
"Actively manage (inventory, track, and correct) all hardware devices on the network so that only authorized devices are given access, and unauthorized and unmanaged devices are found and prevented from gaining access.": "For all functional roles in the organization (prioritizing those mission-critical to the business and its security), identify the specific knowledge, skills and abilities needed to support defense of the enterprise; develop and execute an integrated plan to assess, identify gaps, and remediate through policy, organizational planning, training, and awareness programs.",
"1.1": "17.7",
"Utilize an Active Discovery Tool": "Train Workforce on Sensitive Data Handling",
"Utilize an active discovery tool to identify devices connected to the organization's network and update the hardware asset inventory.": "Train workforce on how to identify and properly store, transfer, archive and destroy sensitive information.",
"TBD": "TBD"
},
{
"1": "17",
"Inventory and Control of Hardware Assets": "Implement a Security Awareness and Training Program",
"Actively manage (inventory, track, and correct) all hardware devices on the network so that only authorized devices are given access, and unauthorized and unmanaged devices are found and prevented from gaining access.": "For all functional roles in the organization (prioritizing those mission-critical to the business and its security), identify the specific knowledge, skills and abilities needed to support defense of the enterprise; develop and execute an integrated plan to assess, identify gaps, and remediate through policy, organizational planning, training, and awareness programs.",
"1.1": "17.8",
"Utilize an Active Discovery Tool": "Train Workforce on Causes of Unintentional Data Exposure",
"Utilize an active discovery tool to identify devices connected to the organization's network and update the hardware asset inventory.": "Train workforce members to be aware of causes for unintentional data exposures, such as losing their mobile devices or emailing the wrong person due to autocomplete in email.",
"TBD": "TBD"
},
{
"1": "17",
"Inventory and Control of Hardware Assets": "Implement a Security Awareness and Training Program",
"Actively manage (inventory, track, and correct) all hardware devices on the network so that only authorized devices are given access, and unauthorized and unmanaged devices are found and prevented from gaining access.": "For all functional roles in the organization (prioritizing those mission-critical to the business and its security), identify the specific knowledge, skills and abilities needed to support defense of the enterprise; develop and execute an integrated plan to assess, identify gaps, and remediate through policy, organizational planning, training, and awareness programs.",
"1.1": "17.9",
"Utilize an Active Discovery Tool": "Train Workforce Members on Identifying and Reporting Incidents",
"Utilize an active discovery tool to identify devices connected to the organization's network and update the hardware asset inventory.": "Train employees to be able to identify the most common indicators of an incident and be able to report such an incident.",
"TBD": "TBD"
},
{
"1": "18",
"Inventory and Control of Hardware Assets": "Application Software Security",
"Actively manage (inventory, track, and correct) all hardware devices on the network so that only authorized devices are given access, and unauthorized and unmanaged devices are found and prevented from gaining access.": "Manage the security life cycle of all in-house developed and acquired software in order to prevent, detect, and correct security weaknesses.",
"1.1": "18.1",
"Utilize an Active Discovery Tool": "Establish Secure Coding Practices",
"Utilize an active discovery tool to identify devices connected to the organization's network and update the hardware asset inventory.": "Establish secure coding practices appropriate to the programming language and development environment being used.",
"TBD": "TBD"
},
{
"1": "18",
"Inventory and Control of Hardware Assets": "Application Software Security",
"Actively manage (inventory, track, and correct) all hardware devices on the network so that only authorized devices are given access, and unauthorized and unmanaged devices are found and prevented from gaining access.": "Manage the security life cycle of all in-house developed and acquired software in order to prevent, detect, and correct security weaknesses.",
"1.1": "18.2",
"Utilize an Active Discovery Tool": "Ensure Explicit Error Checking is Performed for All In-House Developed Software",
"Utilize an active discovery tool to identify devices connected to the organization's network and update the hardware asset inventory.": "For in-house developed software, ensure that explicit error checking is performed and documented for all input, including for size, data type, and acceptable ranges or formats.",
"TBD": "TBD"
},
{
"1": "18",
"Inventory and Control of Hardware Assets": "Application Software Security",
"Actively manage (inventory, track, and correct) all hardware devices on the network so that only authorized devices are given access, and unauthorized and unmanaged devices are found and prevented from gaining access.": "Manage the security life cycle of all in-house developed and acquired software in order to prevent, detect, and correct security weaknesses.",
"1.1": "18.3",
"Utilize an Active Discovery Tool": "Verify That Acquired Software is Still Supported",
"Utilize an active discovery tool to identify devices connected to the organization's network and update the hardware asset inventory.": "Verify that the version of all software acquired from outside your organization is still supported by the developer or appropriately hardened based on developer security recommendations.",
"TBD": "TBD"
},
{
"1": "18",
"Inventory and Control of Hardware Assets": "Application Software Security",
"Actively manage (inventory, track, and correct) all hardware devices on the network so that only authorized devices are given access, and unauthorized and unmanaged devices are found and prevented from gaining access.": "Manage the security life cycle of all in-house developed and acquired software in order to prevent, detect, and correct security weaknesses.",
"1.1": "18.4",
"Utilize an Active Discovery Tool": "Only Use Up-to-Date And Trusted Third-Party Components",
"Utilize an active discovery tool to identify devices connected to the organization's network and update the hardware asset inventory.": "Only use up-to-date and trusted third-party components for the software developed by the organization.",
"TBD": "TBD"
},
{
"1": "18",
"Inventory and Control of Hardware Assets": "Application Software Security",
"Actively manage (inventory, track, and correct) all hardware devices on the network so that only authorized devices are given access, and unauthorized and unmanaged devices are found and prevented from gaining access.": "Manage the security life cycle of all in-house developed and acquired software in order to prevent, detect, and correct security weaknesses.",
"1.1": "18.5",
"Utilize an Active Discovery Tool": "Use Only Standardized and Extensively Reviewed Encryption Algorithms",
"Utilize an active discovery tool to identify devices connected to the organization's network and update the hardware asset inventory.": "Use only standardized and extensively reviewed encryption algorithms.",
"TBD": "TBD"
},
{
"1": "18",
"Inventory and Control of Hardware Assets": "Application Software Security",
"Actively manage (inventory, track, and correct) all hardware devices on the network so that only authorized devices are given access, and unauthorized and unmanaged devices are found and prevented from gaining access.": "Manage the security life cycle of all in-house developed and acquired software in order to prevent, detect, and correct security weaknesses.",
"1.1": "18.6",
"Utilize an Active Discovery Tool": "Ensure Software Development Personnel are Trained in Secure Coding",
"Utilize an active discovery tool to identify devices connected to the organization's network and update the hardware asset inventory.": "Ensure that all software development personnel receive training in writing secure code for their specific development environment and responsibilities.",
"TBD": "TBD"
},
{
"1": "18",
"Inventory and Control of Hardware Assets": "Application Software Security",
"Actively manage (inventory, track, and correct) all hardware devices on the network so that only authorized devices are given access, and unauthorized and unmanaged devices are found and prevented from gaining access.": "Manage the security life cycle of all in-house developed and acquired software in order to prevent, detect, and correct security weaknesses.",
"1.1": "18.7",
"Utilize an Active Discovery Tool": "Apply Static and Dynamic Code Analysis Tools",
"Utilize an active discovery tool to identify devices connected to the organization's network and update the hardware asset inventory.": "Apply static and dynamic analysis tools to verify that secure coding practices are being adhered to for internally developed software.",
"TBD": "TBD"
},
{
"1": "18",
"Inventory and Control of Hardware Assets": "Application Software Security",
"Actively manage (inventory, track, and correct) all hardware devices on the network so that only authorized devices are given access, and unauthorized and unmanaged devices are found and prevented from gaining access.": "Manage the security life cycle of all in-house developed and acquired software in order to prevent, detect, and correct security weaknesses.",
"1.1": "18.8",
"Utilize an Active Discovery Tool": "Establish a Process to Accept and Address Reports of Software Vulnerabilities",
"Utilize an active discovery tool to identify devices connected to the organization's network and update the hardware asset inventory.": "Establish a process to accept and address reports of software vulnerabilities, including providing a means for external entities to contact your security group.",
"TBD": "TBD"
},
{
"1": "18",
"Inventory and Control of Hardware Assets": "Application Software Security",
"Actively manage (inventory, track, and correct) all hardware devices on the network so that only authorized devices are given access, and unauthorized and unmanaged devices are found and prevented from gaining access.": "Manage the security life cycle of all in-house developed and acquired software in order to prevent, detect, and correct security weaknesses.",
"1.1": "18.9",
"Utilize an Active Discovery Tool": "Separate Production and Non-Production Systems",
"Utilize an active discovery tool to identify devices connected to the organization's network and update the hardware asset inventory.": "Maintain separate environments for production and non-production systems. Developers should not have unmonitored access to production environments.",
"TBD": "TBD"
},
{
"1": "18",
"Inventory and Control of Hardware Assets": "Application Software Security",
"Actively manage (inventory, track, and correct) all hardware devices on the network so that only authorized devices are given access, and unauthorized and unmanaged devices are found and prevented from gaining access.": "Manage the security life cycle of all in-house developed and acquired software in order to prevent, detect, and correct security weaknesses.",
"1.1": "18.10",
"Utilize an Active Discovery Tool": "Deploy Web Application Firewalls (WAFs)",
"Utilize an active discovery tool to identify devices connected to the organization's network and update the hardware asset inventory.": "Protect web applications by deploying web application firewalls (WAFs) that inspect all traffic flowing to the web application for common web application attacks. For applications that are not web-based, specific application firewalls should be deployed if such tools are available for the given application type. If the traffic is encrypted, the device should either sit behind the encryption or be capable of decrypting the traffic prior to analysis. If neither option is appropriate, a host-based web application firewall should be deployed.",
"TBD": "TBD"
},
{
"1": "18",
"Inventory and Control of Hardware Assets": "Application Software Security",
"Actively manage (inventory, track, and correct) all hardware devices on the network so that only authorized devices are given access, and unauthorized and unmanaged devices are found and prevented from gaining access.": "Manage the security life cycle of all in-house developed and acquired software in order to prevent, detect, and correct security weaknesses.",
"1.1": "18.11",
"Utilize an Active Discovery Tool": "Use Standard Hardening Configuration Templates for Databases",
"Utilize an active discovery tool to identify devices connected to the organization's network and update the hardware asset inventory.": "For applications that rely on a database, use standard hardening configuration templates. All systems that are part of critical business processes should also be tested.",
"TBD": "TBD"
},
{
"1": "19",
"Inventory and Control of Hardware Assets": "Incident Response and Management",
"Actively manage (inventory, track, and correct) all hardware devices on the network so that only authorized devices are given access, and unauthorized and unmanaged devices are found and prevented from gaining access.": "Protect the organization's information, as well as its reputation, by developing and implementing an incident response infrastructure (e.g., plans, defined roles, training, communications, management oversight) for quickly discovering an attack and then effectively containing the damage, eradicating the attacker's presence, and restoring the integrity of the network and systems.",
"1.1": "19.1",
"Utilize an Active Discovery Tool": "Document Incident Response Procedures",
"Utilize an active discovery tool to identify devices connected to the organization's network and update the hardware asset inventory.": "Ensure that there are written incident response plans that define roles of personnel as well as phases of incident handling/management.",
"TBD": "TBD"
},
{
"1": "19",
"Inventory and Control of Hardware Assets": "Incident Response and Management",
"Actively manage (inventory, track, and correct) all hardware devices on the network so that only authorized devices are given access, and unauthorized and unmanaged devices are found and prevented from gaining access.": "Protect the organization's information, as well as its reputation, by developing and implementing an incident response infrastructure (e.g., plans, defined roles, training, communications, management oversight) for quickly discovering an attack and then effectively containing the damage, eradicating the attacker's presence, and restoring the integrity of the network and systems.",
"1.1": "19.2",
"Utilize an Active Discovery Tool": "Assign Job Titles and Duties for Incident Response",
"Utilize an active discovery tool to identify devices connected to the organization's network and update the hardware asset inventory.": "Assign job titles and duties for handling computer and network incidents to specific individuals and ensure tracking and documentation throughout the incident through resolution.",
"TBD": "TBD"
},
{
"1": "19",
"Inventory and Control of Hardware Assets": "Incident Response and Management",
"Actively manage (inventory, track, and correct) all hardware devices on the network so that only authorized devices are given access, and unauthorized and unmanaged devices are found and prevented from gaining access.": "Protect the organization's information, as well as its reputation, by developing and implementing an incident response infrastructure (e.g., plans, defined roles, training, communications, management oversight) for quickly discovering an attack and then effectively containing the damage, eradicating the attacker's presence, and restoring the integrity of the network and systems.",
"1.1": "19.3",
"Utilize an Active Discovery Tool": "Designate Management Personnel to Support Incident Handling",
"Utilize an active discovery tool to identify devices connected to the organization's network and update the hardware asset inventory.": "Designate management personnel, as well as backups, who will support the incident handling process by acting in key decision-making roles.",
"TBD": "TBD"
},
{
"1": "19",
"Inventory and Control of Hardware Assets": "Incident Response and Management",
"Actively manage (inventory, track, and correct) all hardware devices on the network so that only authorized devices are given access, and unauthorized and unmanaged devices are found and prevented from gaining access.": "Protect the organization's information, as well as its reputation, by developing and implementing an incident response infrastructure (e.g., plans, defined roles, training, communications, management oversight) for quickly discovering an attack and then effectively containing the damage, eradicating the attacker's presence, and restoring the integrity of the network and systems.",
"1.1": "19.4",
"Utilize an Active Discovery Tool": "Devise Organization-wide Standards for Reporting Incidents",
"Utilize an active discovery tool to identify devices connected to the organization's network and update the hardware asset inventory.": "Devise organization-wide standards for the time required for system administrators and other workforce members to report anomalous events to the incident handling team, the mechanisms for such reporting, and the kind of information that should be included in the incident notification.",
"TBD": "TBD"
},
{
"1": "19",
"Inventory and Control of Hardware Assets": "Incident Response and Management",
"Actively manage (inventory, track, and correct) all hardware devices on the network so that only authorized devices are given access, and unauthorized and unmanaged devices are found and prevented from gaining access.": "Protect the organization's information, as well as its reputation, by developing and implementing an incident response infrastructure (e.g., plans, defined roles, training, communications, management oversight) for quickly discovering an attack and then effectively containing the damage, eradicating the attacker's presence, and restoring the integrity of the network and systems.",
"1.1": "19.5",
"Utilize an Active Discovery Tool": "Maintain Contact Information For Reporting Security Incidents",
"Utilize an active discovery tool to identify devices connected to the organization's network and update the hardware asset inventory.": "Assemble and maintain information on third-party contact information to be used to report a security incident, such as Law Enforcement, relevant government departments, vendors, and ISAC partners.",
"TBD": "TBD"
},
{
"1": "19",
"Inventory and Control of Hardware Assets": "Incident Response and Management",
"Actively manage (inventory, track, and correct) all hardware devices on the network so that only authorized devices are given access, and unauthorized and unmanaged devices are found and prevented from gaining access.": "Protect the organization's information, as well as its reputation, by developing and implementing an incident response infrastructure (e.g., plans, defined roles, training, communications, management oversight) for quickly discovering an attack and then effectively containing the damage, eradicating the attacker's presence, and restoring the integrity of the network and systems.",
"1.1": "19.6",
"Utilize an Active Discovery Tool": "Publish Information Regarding Reporting Computer Anomalies and Incidents",
"Utilize an active discovery tool to identify devices connected to the organization's network and update the hardware asset inventory.": "Publish information for all workforce members, regarding reporting computer anomalies and incidents to the incident handling team. Such information should be included in routine employee awareness activities.",
"TBD": "TBD"
},
{
"1": "19",
"Inventory and Control of Hardware Assets": "Incident Response and Management",
"Actively manage (inventory, track, and correct) all hardware devices on the network so that only authorized devices are given access, and unauthorized and unmanaged devices are found and prevented from gaining access.": "Protect the organization's information, as well as its reputation, by developing and implementing an incident response infrastructure (e.g., plans, defined roles, training, communications, management oversight) for quickly discovering an attack and then effectively containing the damage, eradicating the attacker's presence, and restoring the integrity of the network and systems.",
"1.1": "19.7",
"Utilize an Active Discovery Tool": "Conduct Periodic Incident Scenario Sessions for Personnel",
"Utilize an active discovery tool to identify devices connected to the organization's network and update the hardware asset inventory.": "Plan and conduct routine incident response exercises and scenarios for the workforce involved in the incident response to maintain awareness and comfort in responding to real-world threats. Exercises should test communication channels, decision making, and incident responders' technical capabilities using tools and data available to them.",
"TBD": "TBD"
},
{
"1": "19",
"Inventory and Control of Hardware Assets": "Incident Response and Management",
"Actively manage (inventory, track, and correct) all hardware devices on the network so that only authorized devices are given access, and unauthorized and unmanaged devices are found and prevented from gaining access.": "Protect the organization's information, as well as its reputation, by developing and implementing an incident response infrastructure (e.g., plans, defined roles, training, communications, management oversight) for quickly discovering an attack and then effectively containing the damage, eradicating the attacker's presence, and restoring the integrity of the network and systems.",
"1.1": "19.8",
"Utilize an Active Discovery Tool": "Create Incident Scoring and Prioritization Schema",
"Utilize an active discovery tool to identify devices connected to the organization's network and update the hardware asset inventory.": "Create incident scoring and prioritization schema based on known or potential impact to your organization. Utilize score to define frequency of status updates and escalation procedures.",
"TBD": "TBD"
},
{
"1": "20",
"Inventory and Control of Hardware Assets": "Penetration Tests and Red Team Exercises",
"Actively manage (inventory, track, and correct) all hardware devices on the network so that only authorized devices are given access, and unauthorized and unmanaged devices are found and prevented from gaining access.": "Test the overall strength of an organization's defense (the technology, the processes, and the people) by simulating the objectives and actions of an attacker.",
"1.1": "20.1",
"Utilize an Active Discovery Tool": "Establish a Penetration Testing Program",
"Utilize an active discovery tool to identify devices connected to the organization's network and update the hardware asset inventory.": "Establish a program for penetration tests that includes a full scope of blended attacks, such as wireless, client-based, and web application attacks.",
"TBD": "TBD"
},
{
"1": "20",
"Inventory and Control of Hardware Assets": "Penetration Tests and Red Team Exercises",
"Actively manage (inventory, track, and correct) all hardware devices on the network so that only authorized devices are given access, and unauthorized and unmanaged devices are found and prevented from gaining access.": "Test the overall strength of an organization's defense (the technology, the processes, and the people) by simulating the objectives and actions of an attacker.",
"1.1": "20.2",
"Utilize an Active Discovery Tool": "Conduct Regular External and Internal Penetration Tests",
"Utilize an active discovery tool to identify devices connected to the organization's network and update the hardware asset inventory.": "Conduct regular external and internal penetration tests to identify vulnerabilities and attack vectors that can be used to exploit enterprise systems successfully.",
"TBD": "TBD"
},
{
"1": "20",
"Inventory and Control of Hardware Assets": "Penetration Tests and Red Team Exercises",
"Actively manage (inventory, track, and correct) all hardware devices on the network so that only authorized devices are given access, and unauthorized and unmanaged devices are found and prevented from gaining access.": "Test the overall strength of an organization's defense (the technology, the processes, and the people) by simulating the objectives and actions of an attacker.",
"1.1": "20.3",
"Utilize an Active Discovery Tool": "Perform Periodic Red Team Exercises",
"Utilize an active discovery tool to identify devices connected to the organization's network and update the hardware asset inventory.": "Perform periodic Red Team exercises to test organizational readiness to identify and stop attacks or to respond quickly and effectively.",
"TBD": "TBD"
},
{
"1": "20",
"Inventory and Control of Hardware Assets": "Penetration Tests and Red Team Exercises",
"Actively manage (inventory, track, and correct) all hardware devices on the network so that only authorized devices are given access, and unauthorized and unmanaged devices are found and prevented from gaining access.": "Test the overall strength of an organization's defense (the technology, the processes, and the people) by simulating the objectives and actions of an attacker.",
"1.1": "20.4",
"Utilize an Active Discovery Tool": "Include Tests for Presence of Unprotected System Information and Artifacts",
"Utilize an active discovery tool to identify devices connected to the organization's network and update the hardware asset inventory.": "Include tests for the presence of unprotected system information and artifacts that would be useful to attackers, including network diagrams, configuration files, older penetration test reports, e-mails or documents containing passwords or other information critical to system operation.",
"TBD": "TBD"
},
{
"1": "20",
"Inventory and Control of Hardware Assets": "Penetration Tests and Red Team Exercises",
"Actively manage (inventory, track, and correct) all hardware devices on the network so that only authorized devices are given access, and unauthorized and unmanaged devices are found and prevented from gaining access.": "Test the overall strength of an organization's defense (the technology, the processes, and the people) by simulating the objectives and actions of an attacker.",
"1.1": "20.5",
"Utilize an Active Discovery Tool": "Create Test Bed for Elements Not Typically Tested in Production",
"Utilize an active discovery tool to identify devices connected to the organization's network and update the hardware asset inventory.": "Create a test bed that mimics a production environment for specific penetration tests and Red Team attacks against elements that are not typically tested in production, such as attacks against supervisory control and data acquisition and other control systems.",
"TBD": "TBD"
},
{
"1": "20",
"Inventory and Control of Hardware Assets": "Penetration Tests and Red Team Exercises",
"Actively manage (inventory, track, and correct) all hardware devices on the network so that only authorized devices are given access, and unauthorized and unmanaged devices are found and prevented from gaining access.": "Test the overall strength of an organization's defense (the technology, the processes, and the people) by simulating the objectives and actions of an attacker.",
"1.1": "20.6",
"Utilize an Active Discovery Tool": "Use Vulnerability Scanning and Penetration Testing Tools in Concert",
"Utilize an active discovery tool to identify devices connected to the organization's network and update the hardware asset inventory.": "Use vulnerability scanning and penetration testing tools in concert. The results of vulnerability scanning assessments should be used as a starting point to guide and focus penetration testing efforts.",
"TBD": "TBD"
},
{
"1": "20",
"Inventory and Control of Hardware Assets": "Penetration Tests and Red Team Exercises",
"Actively manage (inventory, track, and correct) all hardware devices on the network so that only authorized devices are given access, and unauthorized and unmanaged devices are found and prevented from gaining access.": "Test the overall strength of an organization's defense (the technology, the processes, and the people) by simulating the objectives and actions of an attacker.",
"1.1": "20.7",
"Utilize an Active Discovery Tool": "Ensure Results from Penetration Test are Documented Using Open, Machine-readable Standards",
"Utilize an active discovery tool to identify devices connected to the organization's network and update the hardware asset inventory.": "Wherever possible, ensure that Red Team results are documented using open, machine-readable standards (e.g., SCAP). Devise a scoring method for determining the results of Red Team exercises so that results can be compared over time.",
"TBD": "TBD"
},
{
"1": "20",
"Inventory and Control of Hardware Assets": "Penetration Tests and Red Team Exercises",
"Actively manage (inventory, track, and correct) all hardware devices on the network so that only authorized devices are given access, and unauthorized and unmanaged devices are found and prevented from gaining access.": "Test the overall strength of an organization's defense (the technology, the processes, and the people) by simulating the objectives and actions of an attacker.",
"1.1": "20.8",
"Utilize an Active Discovery Tool": "Control and Monitor Accounts Associated with Penetration Testing",
"Utilize an active discovery tool to identify devices connected to the organization's network and update the hardware asset inventory.": "Any user or system accounts used to perform penetration testing should be controlled and monitored to make sure they are only being used for legitimate purposes, and are removed or restored to normal function after testing is over.",
"TBD": "TBD"
}
]