Last edited: 2/3/2022
In this segment we are going to talk about the Center for Internet Security (CIS) Critical Security Controls (CSC). The CIS CSC is a set of best practices for securing information systems and data, and it can be used to improve cyber defenses. It should be no surprise that this process is a detailed review of critical systems and practices. Use it as a guide map when reviewing your security posture.
Download link – (link still good May 2021)
These are the controls that all admins should know and use in the defense of their environments.
The controls can be broken down into Basic Controls, Fundamental Controls, and Organization Controls. Each of these areas then has a number of detailed areas.
- Inventory of Authorized and Unauthorized Devices
- Inventory of Authorized and Unauthorized Software
- Secure Configurations for Hardware and Software
- Continuous Vulnerability Assessment and Remediation