
Top 20 CIS Critical Controls

What are the CIS Controls?

The Center for Internet Security (CIS) Controls are a published set of safeguards intended to mitigate the most prevalent cyber attacks against systems and networks.

Developed from the best practices of the global IT community, the controls form a framework of concrete, real-world actions gathered from experienced security practitioners and leading enterprises, so that any organization can strengthen its security posture and take a more proactive approach to security.

Unlike higher-level frameworks such as the NIST Cybersecurity Framework, which provide strategic guidance, the CIS Controls prescribe tactical guidance that is easy to follow and understand. The CIS Controls map to various standards, including the NIST CSF, ISO and PCI.

The CIS Controls were designed to scale across organizations of any size. Many organizations use them to guide their entire security strategy; for others they are the first structured framework adopted on the journey towards cyber security maturity. The controls are also ordered deliberately, so you can follow them as a foundational blueprint, gradually improving your security posture and reducing your exposure to risk.

Top 20 CIS Critical Security Controls

The Top 20 controls provide a trusted framework for establishing a security program because they are widely adopted and apply to information security and IT governance in any organization.

The Top 20 CIS Controls are divided into three categories: basic, foundational, and organizational. The basic controls should be implemented in every organization. Implementing the foundational controls then paves the way for the organizational controls, which focus more on people, processes, and workflows.

Basic Controls

1. Inventory and Control of Hardware Assets

Actively manage (inventory, track, and correct) all hardware devices on the network so that only authorized devices are given access, and unauthorized and unmanaged devices are found and prevented from gaining access.

2. Inventory and Control of Software Assets

Actively manage (inventory, track, and correct) all software on the network so that only authorized software is installed and can execute, and that all unauthorized and unmanaged software is found and prevented from installation or execution.

3. Continuous Vulnerability Management

Continuously acquire, assess, and take action on new information in order to identify vulnerabilities, remediate, and minimize the window of opportunity for attackers.

4. Controlled Use of Administrative Privileges

Use processes and tools to track / control / prevent / correct the use, assignment, and configuration of administrative privileges on computers, networks, and applications.

5. Secure Configuration for Hardware and Software on Mobile Devices, Laptops, Workstations, and Servers

Establish, implement, and actively manage (track, report on, correct) the security configuration of mobile devices, laptops, servers, and workstations using a rigorous configuration management and change control process to prevent attackers from exploiting vulnerable services and settings.

6. Maintenance, Monitoring, and Analysis of Audit Logs

Collect, manage, and analyze audit logs of events that could help detect, understand, or recover from an attack.

Foundational Controls

7. Email and Web Browser Protections

Minimize the attack surface and the opportunities for attackers to manipulate human behavior through their interaction with web browsers and email systems.

8. Malware Defences

Control the installation, spread, and execution of malicious code at multiple points in the enterprise, while optimizing the use of automation to enable rapid updating of defence, data gathering, and corrective action.

9. Limitation and Control of Ports, Protocols, and Services

Manage (track, control, correct) the ongoing operational use of ports, protocols, and services on networked devices to minimize windows of vulnerability available to attackers.

10. Data Recovery Capabilities

Use processes and tools to back up critical information properly, with a proven methodology for its timely recovery.

11. Secure Configuration for Network Devices Such as Firewalls, Routers, and Switches

Establish, implement, and actively manage (track, report on, correct) the security configuration of network infrastructure devices using a rigorous configuration management and change control process in order to prevent attackers from exploiting vulnerable services and settings.

12. Boundary Defence

Improve the overall architecture and implementation of both internet and internal network boundary points.

13. Data Protection

Use processes and tools to prevent data exfiltration, mitigate the effects of exfiltrated data, and ensure the privacy and integrity of sensitive information.

14. Controlled Access Based on the Need to Know

Use processes and tools to track / control / prevent / correct secure access to critical assets (e.g., information, resources, systems) according to the formal determination of which persons, computers, and applications have a need and right to access them based on an approved classification.

15. Wireless Access Control

Use processes and tools to track / control / prevent / correct the secure use of wireless local area networks (WLANs), access points, and wireless client systems.

16. Account Monitoring and Control

Actively manage the life cycle of system and application accounts—their creation, use, dormancy, deletion—in order to minimize opportunities for attackers to leverage them.

Organizational Controls

17. Implement a Security Awareness and Training Program

Identify the specific knowledge, skills, and abilities needed for all functional roles in the organization (prioritizing those mission-critical to the business and its security) to support the defence of the enterprise; develop and execute an integrated plan to assess periodically, identify gaps, and remediate through policy, organizational planning, training, and awareness programs.

18. Application Software Security

Manage the security life cycle of all in-house developed and acquired software in order to prevent, detect, and correct security weaknesses.

19. Incident Response and Management

Protect the organization’s information, as well as its reputation, by developing and implementing an incident response infrastructure (e.g., plans, defined roles, training, communications, management oversight) to quickly discover attacks, effectively contain any damage, eradicate the attacker’s presence, and restore the integrity of the network and systems.

20. Penetration Tests and Red Team Exercises

Test the overall strength of an organization’s defence (the technology, the processes, and the people) by simulating the objectives and actions of an attacker.