
Top 5 Controls for Securing your Environment

October 18, 2019


Approximately 85% of cyberattacks can be prevented by implementing the Center for Internet Security (CIS) Top 5 Controls framework. The entire CIS Top 20 Controls framework helps organizations combat the most pervasive and dangerous cyberattacks, but the first five can help prevent a high percentage of those.

The CIS Top 5 Controls include the following:

  1. Inventory and Control of Hardware Assets

All hardware devices should be actively managed and tracked to ensure that only authorized devices are given access, and unauthorized and unmanaged devices are found and prevented from gaining access.

  • Utilize an active discovery tool
  • Use a passive asset discovery tool
  • Use DHCP logging to update asset inventory
  • Maintain detailed asset inventory
  • Maintain asset inventory information
  • Address unauthorized assets
  • Deploy port level access control
  • Utilize client certificates to authenticate hardware assets
  2. Inventory and Control of Software Assets

Same as hardware above – all software should be tracked, inventoried and managed so that only authorized users and authorized software can be installed and executed.

  • Maintain inventory of authorized software
  • Ensure software is supported by vendor
  • Utilize software inventory tools
  • Track software inventory information
  • Integrate software and hardware asset inventories
  • Address unapproved software
  • Utilize application whitelisting
  • Implement application whitelisting of libraries
  • Implement application whitelisting of scripts
  • Physically or logically segregate high-risk applications
  3. Continuous Vulnerability Management

Ongoing assessment and testing to identify vulnerabilities are very important to maintaining secure systems. Any issues detected should be remediated as soon as possible to reduce the window of potential risk.

  • Run automated vulnerability scanning tools
  • Perform authenticated vulnerability scanning
  • Protect dedicated assessment accounts
  • Deploy automated operating system patch management tools
  • Deploy automated software patch management tools
  • Compare back-to-back vulnerability scans
  • Utilize a risk-rating process
  4. Controlled Use of Administrative Privileges

This control covers the processes and tools used to track, control, prevent and correct the use, assignment and configuration of administrative privileges on computers, networks, and applications.

  • Maintain inventory of administrative accounts
  • Change default passwords
  • Ensure the use of dedicated administrative accounts
  • Use unique passwords
  • Use multi-factor authentication for all administrative access
  • Use dedicated workstations for all administrative tasks
  • Limit access to script tools
  • Log and alert on changes to administrative group membership
  • Log and alert on unsuccessful administrative account login
  5. Secure Configuration for Hardware and Software on Mobile Devices, Laptops, Workstations and Servers

Establish, implement and actively manage (track, report on, correct) the security configuration of mobile devices, laptops, servers and workstations using a rigorous configuration management and change control process in order to prevent attackers from exploiting vulnerable services and settings.

  • Establish secure configurations
  • Maintain secure images
  • Securely store master images
  • Deploy system configuration management tools
  • Implement automated configuration monitoring systems
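
As an illustration of the first control's "Use DHCP logging to update asset inventory" and "Address unauthorized assets" items, the following added example (not part of the original article) reconciles DHCP lease acknowledgements against an asset inventory. It assumes ISC dhcpd-style syslog lines and an inventory keyed by MAC address; the log lines, inventory records and field names are constructed for the example.

```python
import re

# Constructed sample data: ISC dhcpd-style syslog lines (not from a real network).
DHCP_LOG = """\
Oct 18 09:01:12 gw dhcpd[812]: DHCPDISCOVER from 3c:52:82:aa:10:01 via eth1
Oct 18 09:01:13 gw dhcpd[812]: DHCPACK on 10.0.0.21 to 3c:52:82:aa:10:01 (fin-lt-014) via eth1
Oct 18 09:14:40 gw dhcpd[812]: DHCPACK on 10.0.0.57 to 9E:11:4B:00:7F:C2 via eth1
Oct 18 11:30:02 gw dhcpd[812]: DHCPACK on 10.0.0.34 to 3c:52:82:aa:10:01 (fin-lt-014) via eth1
"""

# Constructed inventory keyed by MAC address; the field names are assumptions.
INVENTORY = {
    "3C:52:82:AA:10:01": {"tag": "A-0014", "owner": "finance"},
    "00:25:90:0b:22:10": {"tag": "A-0102", "owner": "it-ops"},
}

# Only DHCPACK lines record a lease that was actually granted.
ACK = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) .*DHCPACK on (?P<ip>[\d.]+) "
    r"to (?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2})(?: \((?P<host>[^)]*)\))? via",
    re.IGNORECASE,
)

def reconcile(log_text, inventory):
    """Return (updated inventory, unauthorized devices, assets with no lease)."""
    leases = {}
    for line in log_text.splitlines():
        m = ACK.match(line)
        if m:  # later lines overwrite earlier ones, so the newest lease wins
            leases[m["mac"].lower()] = {
                "ip": m["ip"], "hostname": m["host"], "last_seen": m["ts"]}
    # Normalize MAC case so inventory and log entries compare equal.
    known = {mac.lower(): rec for mac, rec in inventory.items()}
    # Known assets pick up their latest IP, hostname and last-seen time.
    updated = {mac: {**rec, **leases.get(mac, {})} for mac, rec in known.items()}
    # Devices that obtained a lease but are absent from the inventory.
    unauthorized = {mac: lease for mac, lease in leases.items() if mac not in known}
    # Inventoried assets that never appeared: candidates for a stale record.
    not_seen = sorted(mac for mac in known if mac not in leases)
    return updated, unauthorized, not_seen

if __name__ == "__main__":
    updated, unauthorized, not_seen = reconcile(DHCP_LOG, INVENTORY)
    for mac, lease in unauthorized.items():
        print(f"UNAUTHORIZED {mac} at {lease['ip']} ({lease['last_seen']})")
    for mac in not_seen:
        print(f"NO LEASE SEEN {mac} ({updated[mac]['tag']})")
```

A MAC address is only a claimed identifier, so this check surfaces unmanaged devices rather than proving a device's identity; the port-level access control and client certificate items in the same list address that gap.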

All content provided in this article is for informational purposes only. Matters discussed in this article are subject to change. For up-to-date information on this subject please contact a Clark Schaefer Hackett professional. Clark Schaefer Hackett will not be held responsible for any claim, loss, damage or inconvenience caused as a result of any information within these pages or any information accessed through this site.

