March 1, 2017

CIS Critical Security Controls

The CIS Critical Security Controls specify and recommend the appropriate actions for organizations to take to improve their critical infrastructure.

Although organizations are taking preventative measures and securing their networks, systems are still being compromised on a regular basis. It is recommended to secure your cyber defenses with the CIS Critical Security Controls. These controls are a set of blueprints that prioritize a small number of actions that help detect and respond to 60-70% of attacks seen today. This short list consists of effective, high-priority defense actions that every organization can take to improve its cyber defenses.

The 20 CIS Critical Security Controls include:

  1. Inventory of Authorized and Unauthorized Devices
  2. Inventory of Authorized and Unauthorized Software
  3. Secure Configurations for Hardware and Software on Mobile Devices, Laptops, Workstations, and Servers
  4. Continuous Vulnerability Assessment and Remediation
  5. Controlled Use of Administrative Privileges
  6. Maintenance, Monitoring, and Analysis of Audit Logs
  7. Email and Web Browser Protections
  8. Malware Defenses
  9. Limitation and Control of Network Ports, Protocols, and Services
  10. Data Recovery Capability
  11. Secure Configurations for Network Devices such as Firewalls, Routers, and Switches
  12. Boundary Defense
  13. Data Protection
  14. Controlled Access Based on the Need to Know
  15. Wireless Access Control
  16. Account Monitoring and Control
  17. Security Skills Assessment and Appropriate Training to Fill Gaps
  18. Application Software Security
  19. Incident Response and Management
  20. Penetration Tests and Red Team Exercises

The top five CIS Critical Security Controls and how to apply them:

CSC 1: Actively manage and monitor hardware devices so that only authorized devices gain access to the network, reducing the possibility of an attacker exploiting vulnerable and unauthorized systems. The inventory should include any device with an IP address, such as printers, Voice over IP phones, servers, mobile devices, or mainframes. To successfully apply CSC 1: identify all devices, keep a list of the inventory, and constantly maintain updates.
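One way to check the inventory that CSC 1 calls for against what is actually on the network, as an added example (not code from the original article or from CIS). The device names, addresses, dates and the 90-day re-verification window are constructed assumptions.

```python
import re
from datetime import date

def normalize_mac(raw):
    """Reduce colon, hyphen and dotted notation to aa:bb:cc:dd:ee:ff."""
    digits = re.sub(r"[^0-9A-Fa-f]", "", raw).lower()
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {raw!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def is_randomized(mac):
    """Locally administered bit set, as in per-network randomized MACs."""
    return bool(int(mac[:2], 16) & 0x02)

# Constructed inventory: MAC -> (description, date last verified).
INVENTORY = {
    "00:1A:2B:3C:4D:5E": ("print-01, office printer", date(2017, 2, 20)),
    "001a.2b3c.4d5f": ("voip-014, VoIP phone", date(2017, 2, 25)),
    "00-1A-2B-3C-4D-60": ("srv-db-02, database server", date(2016, 11, 3)),
}

# Constructed observations (date, IP, MAC), as from DHCP leases or ARP tables.
OBSERVED = """\
2017-02-28 10.0.0.21 00:1a:2b:3c:4d:5e
2017-02-28 10.0.0.35 00-1A-2B-3C-4D-5F
2017-02-28 10.0.0.77 3c:22:fb:10:9a:01
2017-02-28 10.0.0.80 da:a1:19:00:be:ef
"""

def reconcile(inventory, observed_text, today, max_age_days=90):
    """Compare what is on the network with what the inventory says."""
    inv = {normalize_mac(mac): entry for mac, entry in inventory.items()}
    seen = {}
    for line in observed_text.splitlines():
        if line.strip():
            _day, ip, mac = line.split()
            seen[normalize_mac(mac)] = ip
    report = {"unauthorized": [], "randomized": [], "not_seen": [], "stale": []}
    for mac, ip in sorted(seen.items()):
        if mac not in inv:  # on the network but never approved
            kind = "randomized" if is_randomized(mac) else "unauthorized"
            report[kind].append((mac, ip))
    for mac, (desc, verified) in sorted(inv.items()):
        if mac not in seen:  # approved but absent: retired, moved or lost?
            report["not_seen"].append((mac, desc))
        if (today - verified).days > max_age_days:  # entry needs re-checking
            report["stale"].append((mac, desc))
    return report
```

Calling `reconcile(INVENTORY, OBSERVED, date(2017, 3, 1))` returns the four lists. Randomized addresses are reported separately because a MAC-keyed inventory cannot identify those devices on its own.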

CSC 2: Identify unauthorized and unprotected software and prevent it from executing, so that it cannot be used for malicious attacks; this also increases your visibility by allowing you to locate unauthorized software. To successfully apply CSC 2: identify and create a list of all authorized software and deploy tools for the software. Regularly manage all software through scanning and updating, ensuring the latest version is installed.

CSC 3: Secure the configurations of hardware and software on laptops, workstations, and servers through thorough configuration management, to prevent the exploitation of services and settings. To successfully apply CSC 3, determine a baseline for securing configurations; CIS security configuration guidelines can be found for free. Build a secure standard image for all systems in your organization and maintain configuration checklists for different classes of systems.

CSC 4: Regularly identify vulnerabilities reported by security professionals to reduce the chance of an attack. Run vulnerability scanning tools, such as CIS-CAT Pro, on all systems on a regular basis. Running these tools can show how secure your configurations are, provide a log of the target system, and identify assets in your network.

CSC 5: Use tools and processes to protect your organization’s information and assets on all devices (computers, networks, phones, or tablets) from attackers both inside and outside. Set policies to manage all user accounts and keep an inventory of all the users. Limit the number of administrative accounts so that your organization’s private information does not fall into the wrong hands. Also, use multi-factor authentication and require complex passwords to maintain control over your systems. Never use common passwords or share your passwords, which can make it easier for attackers to steal information. Lastly, administrators’ computers should be separated from the rest of the network.

Tools for the implementation of the CIS Controls can be found at:

About the author

LIFARS is the global leader in Digital Forensics and Cyber Resiliency Services. Our experience spans two decades working on high-profile events, often in concert with Law Enforcement Agencies around the world. Our proprietary methodology derives directly and indirectly from our experience working with and for U.S. Intelligence Agencies, Interpol, Europol, and NATO. We are solely dedicated to Cyber Resiliency and thus pay close attention to all aspects of our clients’ engagement experience while providing a strategic and integrated array of services to minimize risk and disruption while protecting your brand.
