Approximately 85% of cyberattacks can be prevented by implementing the Center for Internet Security (CIS) Top 5 Controls framework. The entire CIS Top 20 Controls framework helps organizations combat the most pervasive and dangerous cyberattacks, but the first five can help prevent a high percentage of those.
The CIS Top 5 Controls include the following:
- Inventory and Control of Hardware Assets
All hardware devices should be actively managed and tracked to ensure that only authorized devices are given access, and unauthorized and unmanaged devices are found and prevented from gaining access.
- Utilize an active discovery tool
- Use a passive asset discovery tool
- Use DHCP logging to update asset inventory
- Maintain detailed asset inventory
- Maintain asset inventory information
- Address unauthorized assets
- Deploy port level access control
- Utilize client certificates to authenticate hardware assets
- Inventory and Control of Software Assets
Same as hardware above – all software should be tracked, inventoried and managed so that only authorized users and authorized software can be installed and executed.
- Maintain inventory of authorized software
- Ensure software is supported by vendor
- Utilize software inventory tools
- Track software inventory information
- Integrate software and hardware asset inventories
- Address unapproved software
- Utilize application whitelisting
- Implement application whitelisting of libraries
- Implement application whitelisting of scripts
- Physically or logically segregate high-risk applications
- Continuous Vulnerability Management
Ongoing assessments and testing to identify vulnerabilities is very important to maintain secure systems. Any issues detected should be identified and remediated as soon as possible to reduce the window of potential risk.
- Run automated vulnerability scanning tools
- Perform authenticated vulnerability scanning
- Protect dedicated assessment accounts
- Deploy automated operating system patch management tools
- Deploy automated software patch management tools
- Compare back-to-back vulnerability scans
- Utilize a risk-rating process
- Controlled Use of Administrative Privileges
The processes and tools used to track/control/prevent/correct the use, assignment and configuration of administrative privileges on computers, networks, and applications.
- Maintain inventory of administrative accounts
- Change default passwords
- Ensure the use of dedicated administrative accounts
- Use unique passwords
- Use multi-factor authentication for all administrative access
- Use dedicated workstations for all administrative tasks
- Limit access to script tools
- Log and alert on changes to administrative group membership
- Log and alert on unsuccessful administrative account login
- Secure Configuration for Hardware and Software on Mobile Devices, Laptops, Workstations and Servers
Establish, implement and actively manage (track, report on, correct) the security configuration of mobile devices, laptops, servers and workstations using a rigorous configuration management and change control process in order to prevent attackers from exploiting vulnerable services and settings.
- Establish secure configurations
- Maintain secure images
- Securely store master images
- Deploy system configuration management tools
- Implement automated configuration monitoring systems
