CIS Framework Controls V8_16.2

CIS Framework Controls V8

Application Software Security

16.2

Establish and Maintain a Process to Accept and Address Software Vulnerabilities

Establish and maintain a process to accept and address reports of software vulnerabilities, including providing a means for external entities to report. The process is to include such items as: a vulnerability handling policy that identifies the reporting process, a responsible party for handling vulnerability reports, and a process for intake, assignment, remediation, and remediation testing. As part of the process, use a vulnerability tracking system that includes severity ratings and metrics for measuring timing for identification, analysis, and remediation of vulnerabilities. Review and update documentation annually, or when significant enterprise changes occur that could impact this Safeguard.
Inventory and Control of Enterprise Assets

1.1

Establish and Maintain Detailed Enterprise Asset Inventory

Establish and maintain an accurate, detailed, and up-to-date inventory of all enterprise assets with the potential to store or process data, to include: end-user devices (including portable and mobile), network devices, non-computing/IoT devices, and servers. Ensure the inventory records the network address (if static), hardware address, machine name, enterprise asset owner, department for each asset, and whether the asset has been approved to connect to the network. For mobile end-user devices, MDM type tools can support this process, where appropriate. This inventory includes assets connected to the infrastructure physically, virtually, remotely, and those within cloud environments. Additionally, it includes assets that are regularly connected to the enterprise’s network infrastructure, even if they are not under control of the enterprise. Review and update the inventory of all enterprise assets bi-annually, or more frequently.

1.2

Address Unauthorized Assets

Ensure that a process exists to address unauthorized assets on a weekly basis. The enterprise may choose to remove the asset from the network, deny the asset from connecting remotely to the network, or quarantine the asset.

1.3

Utilize an Active Discovery Tool

Utilize an active discovery tool to identify assets connected to the enterprise’s network. Configure the active discovery tool to execute daily, or more frequently.

1.4

Use Dynamic Host Configuration Protocol (DHCP) Logging to Update Enterprise Asset Inventory

Use DHCP logging on all DHCP servers or Internet Protocol (IP) address management tools to update the enterprise’s asset inventory. Review and use logs to update the enterprise’s asset inventory weekly, or more frequently.

1.5

Use a Passive Asset Discovery Tool

Use a passive discovery tool to identify assets connected to the enterprise’s network. Review and use scans to update the enterprise’s asset inventory at least weekly, or more frequently.

Network Monitoring and Defense

13.5

Manage Access Control for Remote Assets

Manage access control for assets remotely connecting to enterprise resources. Determine amount of access to enterprise resources based on: up-to-date anti-malware software installed, configuration compliance with the enterprise’s secure configuration process, and ensuring the operating system and applications are up-to-date.


What is a Cybersecurity Compliance Framework?

You don’t need to clutter your security and privacy programs with an ever-increasing number of tools as they become more sophisticated. The Lionfish platform offers a one-stop solution to track progress and monitor any framework, from custom-built ones to highly-specialized and in-demand top security and privacy frameworks and certifications.

With the Lionfish platform, every framework is supported with guided scoping, policies, controls, automated evidence collection, and continuous monitoring, ensuring efficient preparation for audits or attestation in minimal time.

The Lionfish platform is compatible with a wide range of security and privacy frameworks, including:
