CIS v7 and CIS v8 controls and how they’re mapped to Bitsight insights and assessments:
- Browser Configurations
- Detected Services
- Device Management
- DNS Configurations
- Email Configurations
- File Sharing
- Header Configurations
- Malware Presence
- Mobile Applications
- Network Attack Surface
- Potentially Unwanted Application & Software Presence
- Software Configuration
- Software Support
- TLS/SSL Certificate Configurations
- User Management
- Vulnerability Management & Security Hygiene
Browser Configurations
Insight & Assessment | CIS v8 Controls | CIS v7 Controls |
---|---|---|
The lack of outdated desktop browsers indicates effective workstation configurations. The ratio of events of type [Outdated Desktop Browser] by type [Desktop Endpoint] is below 2.5%. Assessment: Observations: | Controls: 4 Secure Configuration of Enterprise Assets and Software; Safeguards: | Controls: 5 Secure Configuration for Hardware and Software on Mobile Devices, Laptops, Workstations and Servers; Safeguards: |
The presence of outdated desktop browsers indicates ineffective workstation configurations. The ratio of events of type [Outdated Desktop Browser] by type [Desktop Endpoint] is above 7.5%. Assessment: Observations: | Controls: 4 Secure Configuration of Enterprise Assets and Software; Safeguards: | Controls: 5 Secure Configuration for Hardware and Software on Mobile Devices, Laptops, Workstations and Servers; Safeguards: |
Detected Services
Insight & Assessment | CIS v8 Controls | CIS v7 Controls |
---|---|---|
The presence of services that use default credentials or do not have credentials indicates ineffective access management and authentication. At least one event of the following event types was detected: [Unauthenticated Service]. Assessment: Observations: | Controls: Safeguards: | Controls: Safeguards: |
Device Management
Insight & Assessment | CIS v8 Controls | CIS v7 Controls |
---|---|---|
Mobile devices appear to be allowed to connect to the network without security policy enforcement. At least one event of the following event types was detected: [Pre-installed Malware] OR at least one system was detected simultaneously with the following indicators: [Mobile Compromised System, Outdated Desktop Operating System]. Assessment: Observations: | Controls: 1 Inventory and Control of Enterprise Assets; Safeguards: 1.2 Address Unauthorized Assets | Controls: 1 Inventory and Control of Hardware Assets; Safeguards: |
The high ratio of outdated mobile devices connected to the Internet from the organization networks indicates ineffective control of allowed mobile devices. The ratio of events of type [Outdated Mobile Device Operating System] by type [Mobile Endpoint] is above 5.0%. Assessment: Observations: | Controls: Safeguards: | Controls: Safeguards: |
The lack of network devices with administrative interfaces exposed to the Internet indicates effective control and management of network devices. The fraction of endpoints from category [Networking Device] detected with [Remote Admin Service Externally Exposed] is above 1.0%. Assessment: Observations: | Controls: Safeguards: N/A | Controls: 11 Secure Configuration for Network Devices, such as Firewalls, Routers and Switches; Safeguards: |
The low ratio of outdated mobile devices connected to the Internet from the organization's network indicates a high level of control over allowed mobile devices. The ratio of events of type [Outdated Mobile Device Operating System] by type [Mobile Endpoint] is below 2.0%. Assessment: Observations: | Controls: 2 Inventory and Control of Software Assets; Safeguards: | Controls: 2 Inventory and Control of Software Assets; Safeguards: |
The presence of network devices with administrative interfaces exposed to the Internet indicates ineffective control and mismanagement of network devices. The fraction of endpoints from category [Networking Device] detected with [Remote Admin Service Externally Exposed] is above 10.0%. Assessment: Observations: | Controls: Safeguards: N/A | Controls: 11 Secure Configuration for Network Devices, such as Firewalls, Routers and Switches; Safeguards: |
DNS Configurations
Insight & Assessment | CIS v8 Controls | CIS v7 Controls |
---|---|---|
The lack of DNS Security configuration issues indicates effective control and secure server configurations. The ratio of events of type [DNSSEC Configuration Issues] by type [DNSSEC Configuration Issues, DNSSEC Good Record] is below 10.0%. Assessment: Observations: | Controls: 4 Secure Configuration of Enterprise Assets and Software; Safeguards: | Controls: 5 Secure Configuration for Hardware and Software on Mobile Devices, Laptops, Workstations and Servers; Safeguards: |
The presence of DNS configuration issues indicates ineffective control and insecure server configurations. The ratio of events of type [DNSSEC Configuration Issues] by type [DNSSEC Configuration Issues, DNSSEC Good Record] is above 20.0%. Assessment: Observations: | Controls: 4 Secure Configuration of Enterprise Assets and Software; Safeguards: | Controls: 5 Secure Configuration for Hardware and Software on Mobile Devices, Laptops, Workstations and Servers; Safeguards: |
Email Configurations
Insight & Assessment | CIS v8 Controls | CIS v7 Controls |
---|---|---|
The lack of email service misconfigurations indicates effective control and secure email server configurations. The ratio of events of type [DKIM Bad Record, Bad SPF Finding, Bad DMARC Record] by type [DKIM Good Record, Good SPF Finding, Good DMARC Record, DKIM Bad Record, Bad SPF Finding, Bad DMARC Record] is below 10.0%. Assessment: Observations: | Controls: Safeguards: | Controls: Safeguards: |
The presence of email service misconfigurations suggests ineffective control and insecure email server configurations. The ratio of events of type [DKIM Bad Record, Bad SPF Finding, Bad DMARC Record] by type [DKIM Good Record, Good SPF Finding, Good DMARC Record, DKIM Bad Record, Bad SPF Finding, Bad DMARC Record] is above 20.0%. Assessment: Observations: | Controls: Safeguards: | Controls: Safeguards: |
File Sharing
Insight & Assessment | CIS v8 Controls | CIS v7 Controls |
---|---|---|
The lack of peer-to-peer (P2P) file sharing indicates effective control of workstation software installation. The ratio of events of type [File Sharing in Use] by type [Desktop Endpoint, Mobile Endpoint] is below 0.01%. Assessment: Observations: | Controls: Safeguards: | Controls: Safeguards: |
The presence of peer-to-peer (P2P) file sharing indicates ineffective control of workstation software installation and that users may not be aware of the risks of downloading software from untrusted sources. The ratio of events of type [File Sharing in Use] by type [Desktop Endpoint, Mobile Endpoint] is above 0.1%. Assessment: Observations: | Controls: Safeguards: | Controls: Safeguards: |
Header Configurations
Insight & Assessment | CIS v8 Controls | CIS v7 Controls |
---|---|---|
The lack of recommended HTTP security headers indicates ineffective and insecure web server configurations. The ratio of events of type [Ineffective HTTP Security Headers, Missing HTTP Security Headers] by type [HTTP Service, HTTPS Service] is above 50.0%. Assessment: Observations: | Controls: 16 Application Software Security; Safeguards: | Controls: 18 Application Software Security; Safeguards: |
The presence of recommended HTTP security headers indicates effective and secure web server configurations. The ratio of events of type [Ineffective HTTP Security Headers, Missing HTTP Security Headers] by type [HTTP Service, HTTPS Service] is below 10.0%. Assessment: Observations: | Controls: 16 Application Software Security; Safeguards: | Controls: 18 Application Software Security; Safeguards: |
Malware Presence
Insight & Assessment | CIS v8 Controls | CIS v7 Controls |
---|---|---|
The detection of multiple desktop malware families indicates weak control over malicious desktop software. Over 1 distinct event types from: [Desktop Compromised System] were observed. Assessment: Observations: | Controls: 10 Malware Defenses; Safeguards: | Controls: 8 Malware Defenses; Safeguards: |
The detection of multiple mobile malware families indicates weak control over malicious mobile software. Over 1 distinct event types from: [Mobile Compromised System] were observed. Assessment: Observations: | Controls: Safeguards: | Controls: Safeguards: |
The lack of malware infections indicates effective malware protection or endpoint configurations. The ratio of events of type [Compromised System] by type [Web Browser] is below 0.1%. Assessment: Observations: | Controls: 10 Malware Defenses; Safeguards: | Controls: 8 Malware Defenses; Safeguards: |
The presence of Domain Generation Algorithm (DGA) based malware indicates ineffective network filtering or monitoring of network security audit logs. At least one event of the following event types was detected: [Domain Generation Algorithm (DGA) Based Malware]. Assessment: Observations: | Controls: Safeguards: | Controls: Safeguards: |
The presence of malware infections from old, abandoned malware families indicates ineffective malware prevention, intrusion detection, boundary defense, or incident response. At least one event of the following event types was detected: [Abandoned Malware]. Assessment: Observations: | Controls: Safeguards: | Controls: Safeguards: |
The presence of malware infections indicates ineffective malware protection or endpoint configurations. The ratio of events of type [Compromised System] by type [Web Browser] is above 0.5%. Assessment: Observations: | Controls: Safeguards: | Controls: Safeguards: |
The presence of malware on an exposed Internet-of-Things (IoT) device indicates ineffective control of hardware assets on the network. At least one event from all of the following event types was detected: [Internet-of-Things (IoT) System Compromised with Worm, Internet-of-Things (IoT) Service Port]. Assessment: Observations: | Controls: 1 Inventory and Control of Enterprise Assets; Safeguards: | Controls: 1 Inventory and Control of Hardware Assets; Safeguards: |
The presence of persistent or recurring malware infections indicates ineffective malware protections or incident response. At least one event of the following event types was present for at least 1 month(s): [Compromised System]. Assessment: Observations: | Controls: Safeguards: | Controls: Safeguards: |
Mobile Applications
Insight & Assessment | CIS v8 Controls | CIS v7 Controls |
---|---|---|
The lack of mobile application development vulnerabilities indicates effective control of the Secure Application Development Life Cycle (SDLC). The ratio of events of type [Mobile Application Vulnerability] by type [Good Mobile Application Security Finding] is below 12.0%. Assessment: Observations: | Controls: 16 Application Software Security; Safeguards: | Controls: 18 Application Software Security; Safeguards: |
The presence of mobile application development vulnerabilities indicates ineffective control of the Secure Application Development Life Cycle (SDLC). The ratio of events of type [Mobile Application Vulnerability] by type [Good Mobile Application Security Finding] is above 20.0%. Assessment: Observations: | Controls: 16 Application Software Security; Safeguards: | Controls: 18 Application Software Security; Safeguards: |
Network Attack Surface
Insight & Assessment | CIS v8 Controls | CIS v7 Controls |
---|---|---|
Having an unnecessarily large attack surface of exposed services on the network perimeter indicates ineffective control of network services. The ratio of events of type [Unnecessarily Exposed Port] by type [Open Port] is above 1.0%. Assessment: Observations: | Controls: N/A; Safeguards: | Controls: 9 Limitation and Control of Network Ports, Protocols, and Services; Safeguards: |
The lack of unnecessarily exposed services on the network perimeter indicates effective control of network services. The ratio of events of type [Unnecessarily Exposed Port] by type [Open Port] is below 0.001%. Assessment: Observations: | Controls: N/A; Safeguards: | Controls: 9 Limitation and Control of Network Ports, Protocols, and Services; Safeguards: |
The presence of cleartext remote protocols over the Internet indicates ineffective network boundary defense and a lack of network data integrity. At least one event of the following event types was detected: [Cleartext Protocol]. Assessment: Observations: | Controls: Safeguards: | Controls: Safeguards: |
The presence of outbound network scanning activity indicates ineffective control of the network boundary. At least one event of the following event types was detected: [Outbound Network Scanning Activity]. Assessment: Observations: | Controls: 13 Network Monitoring and Defense; Safeguards: | Controls: 12 Boundary Defense; Safeguards: |
Potentially Unwanted Application & Software Presence
Insight & Assessment | CIS v8 Controls | CIS v7 Controls |
---|---|---|
The detection of multiple Potentially Unwanted Programs (PUP) indicates ineffective control of workstation software installation. Over 1 distinct event types from: [Potentially Unwanted Program (PUP)] were observed. Assessment: Observations: | Controls: Safeguards: | Controls: Safeguards: |
The lack of observations of potentially unwanted software indicates effective control of workstation software installation. The ratio of events of type [Potentially Unwanted Program (PUP)] by type [Desktop Endpoint, Mobile Endpoint] is below 0.01%. Assessment: Observations: | Controls: 5 Account Management; Safeguards: | Controls: 4 Controlled Use of Administrative Privileges; Safeguards: |
The presence of Potentially Unwanted Software (PUP), typically bundled with software downloaded from untrusted sources, indicates ineffective control of workstation software installation. The ratio of events of type [Potentially Unwanted Program (PUP)] by type [Desktop Endpoint, Mobile Endpoint] is above 0.1%. Assessment: Observations: | Controls: 5 Account Management; Safeguards: | Controls: 4 Controlled Use of Administrative Privileges; Safeguards: |
The presence of software unrelated to office productivity indicates ineffective control of software installation on endpoints. The ratio of events of type [Media and Entertainment Software, Sideloaded Mobile App, File Sharing in Use, Potentially Unwanted Program (PUP)] by type [Desktop Endpoint, Mobile Endpoint] is above 1.0%. Assessment: Observations: | Controls: 2 Inventory and Control of Software Assets; Safeguards: | Controls: 2 Inventory and Control of Software Assets; Safeguards: |
Software Configuration
Insight & Assessment | CIS v8 Controls | CIS v7 Controls |
---|---|---|
A configuration management system was detected, indicating effective software configurations. At least one event of the following event types was detected: [Configuration Management System in Use]. Assessment: Observations: | Controls: 2 Inventory and Control of Software Assets; Safeguards: N/A | Controls: 2 Inventory and Control of Software Assets; Safeguards: 2.3 Utilize Software Inventory Tools |
Software Support
Insight & Assessment | CIS v8 Controls | CIS v7 Controls |
---|---|---|
The lack of abandoned software indicates effective control of managing and discontinuing software products. At least one event of the following event types was detected: [Configuration Management System in Use]. Assessment: Observations: | Controls: 2 Inventory and Control of Software Assets; Safeguards: | Controls: 2 Inventory and Control of Software Assets; Safeguards: |
The presence of abandoned software indicates ineffective control of managing and discontinuing software products. The ratio of events of type [Abandoned Software] by type [Desktop Endpoint, Mobile Endpoint, Open Port] is above 0.01%. Assessment: Observations: | Controls: 2 Inventory and Control of Software Assets; Safeguards: | Controls: 2 Inventory and Control of Software Assets; Safeguards: |
The presence of unsupported server software indicates ineffective control of network assets and the software life cycle. The ratio of events of type [Unsupported Server Software] by type [HTTP Service, HTTPS Service] is above 10.0%. Assessment: Observations: | Controls: 2 Inventory and Control of Software Assets; Safeguards: | Controls: 2 Inventory and Control of Software Assets; Safeguards: |
TLS/SSL Certificate Configurations
Insight & Assessment | CIS v8 Controls | CIS v7 Controls |
---|---|---|
Certificates can generally be validated against a trusted root Certificate Authority (CA), indicating effective control and management of TLS/SSL configurations. The ratio of events of type [Untrusted TLS/SSL Certificate] by type [Untrusted TLS/SSL Certificate, TLS/SSL Certificate Good Record] is below 10.0%. Assessment: Observations: | Controls: 4 Secure Configuration of Enterprise Assets and Software; Safeguards: | Controls: 5 Secure Configuration for Hardware and Software on Mobile Devices, Laptops, Workstations and Servers; Safeguards: |
The lack of TLS/SSL certificates with insecure parameters indicates effective control and management of TLS/SSL configurations. The ratio of events of type [Insecure TLS/SSL Certificate Settings] by type [Insecure TLS/SSL Certificate Settings, TLS/SSL Certificate Good Record] is below 10.0%. Assessment: Observations: | Controls: 4 Secure Configuration of Enterprise Assets and Software; Safeguards: | Controls: 5 Secure Configuration for Hardware and Software on Mobile Devices, Laptops, Workstations and Servers; Safeguards: |
The presence of self-signed TLS/SSL certificates exposed to the Internet indicates ineffective and insecure server configurations. At least one event of the following event types was detected: [Self-Signed TLS/SSL Certificate]. Assessment: Observations: | Controls: 4 Secure Configuration of Enterprise Assets and Software; Safeguards: | Controls: 5 Secure Configuration for Hardware and Software on Mobile Devices, Laptops, Workstations and Servers; Safeguards: |
The presence of TLS/SSL certificates that cannot be validated against a trusted root certificate authority (CA) indicates ineffective control and management of TLS/SSL configurations. The ratio of events of type [Untrusted TLS/SSL Certificate] by type [Untrusted TLS/SSL Certificate, TLS/SSL Certificate Good Record] is above 20.0%. Assessment: Observations: | Controls: 4 Secure Configuration of Enterprise Assets and Software; Safeguards: | Controls: 5 Secure Configuration for Hardware and Software on Mobile Devices, Laptops, Workstations and Servers; Safeguards: |
The presence of TLS/SSL certificates with insecure parameters indicates ineffective control and mismanagement of TLS/SSL configurations. The ratio of events of type [Insecure TLS/SSL Certificate Settings] by type [Insecure TLS/SSL Certificate Settings, TLS/SSL Certificate Good Record] is above 20.0%. Assessment: Observations: | Controls: 4 Secure Configuration of Enterprise Assets and Software; Safeguards: | Controls: 5 Secure Configuration for Hardware and Software on Mobile Devices, Laptops, Workstations and Servers; Safeguards: |
User Management
Insight & Assessment | CIS v8 Controls | CIS v7 Controls |
---|---|---|
The presence of applications using cleartext authentication indicates ineffective controls of user accounts and credentials. The ratio of events of type [Cleartext Credential Transmission] by type [Open Port] is above 2.0%. Assessment: Observations: | Controls: 6 Access Control Management; Safeguards: | Controls: 14 Controlled Access Based on the Need to Know; Safeguards: |
Vulnerability Management & Security Hygiene
Insight & Assessment | CIS v8 Controls | CIS v7 Controls |
---|---|---|
Detected confirmed vulnerabilities were not fixed for over one month. This indicates that continuous vulnerability management is ineffective and may be failing. The ratio of events of type [Confirmed Vulnerability in Exposed Third Party Product] present for at least 1 month(s) by type [Open Port] is above 10.0%. Assessment: Observations: | Controls: Safeguards: | Controls: Safeguards: |
The lack of confirmed vulnerabilities for over a month indicates effective continuous vulnerability management. The ratio of events of type [Confirmed Vulnerability in Exposed Third Party Product] present for at least 1 month(s) by type [Open Port] is below 2.5%. Assessment: Observations: | Controls: Safeguards: | Controls: Safeguards: |
The lack of basic security hygiene issues indicates effective processes to detect, respond, and remediate security issues are in place. The ratio of events of type [Cleartext Credential Transmission, Inadvisable Service Exposed on Open Port, Unnecessarily Exposed Port, Unauthenticated Service] by type [Open Port] is below 1.0%. Assessment: Observations: | Controls: Safeguards: | Controls: Safeguards: |
The lack of vulnerabilities in network devices indicates effective control, patching, and management of network devices. The fraction of endpoints from category [Networking Device] detected with [Confirmed Vulnerability in Exposed Third Party Product] is above 1.0%. Assessment: Observations: | Controls: Safeguards: | Controls: 11 Secure Configuration for Network Devices, such as Firewalls, Routers and Switches; Safeguards: |
The presence of basic security hygiene issues indicates the processes to detect, respond, and remediate security issues are ineffective and may be failing. The ratio of events of type [Cleartext Credential Transmission, Inadvisable Service Exposed on Open Port, Unnecessarily Exposed Port, Unauthenticated Service] by type [Open Port] is above 2.0%. Assessment: Observations: | Controls: Safeguards: | Controls: Safeguards: |
The presence of vulnerabilities in network devices indicates ineffective control, patching, and mismanagement of network devices. The fraction of endpoints from category [Networking Device] detected with [Confirmed Vulnerability in Exposed Third Party Product] is above 5.0%. Assessment: Observations: | Controls: Safeguards: | Controls: 11 Secure Configuration for Network Devices, such as Firewalls, Routers and Switches; Safeguards: |