Insights to Control Framework Mapping: Device Management Ingrid Refer to the following Device Management insights and assessments and how they're mapped to CIS v7 and CIS v8 controls for Control Insights: No Mobile Device Connectivity Security Mobile devices appear to be allowed to connect to the network without security policy enforcement. At least one event of the following event types was detected: [Pre-installed Malware] OR At least one system was detected simultaneously with the following indicators [Mobile Compromised System, Outdated Desktop Operating System] Assessment Negative Observations Botnet Infections Potentially Exploited Desktop Software CIS v8 Controls CIS v7 Controls Controls 1 Inventory and Control of Enterprise Assets Safeguards 1.2 Address Unauthorized Assets Controls 1 Inventory and Control of Hardware Assets Safeguards 1.5 Maintain Asset Inventory Information 1.6 Address Unauthorized Assets 1.7 Deploy Port Level Access Control Outdated Mobile Devices The high ratio of outdated mobile devices connected to the Internet from the organization networks indicates ineffective control of allowed mobile devices The ratio of events of type [Outdated Mobile Device Operating System] by type [Mobile Endpoint] is above 5.0% Assessment Negative Observations Mobile Software CIS v8 Controls CIS v7 Controls Controls 1 Inventory and Control of Enterprise Assets 2 Inventory and Control of Software Assets Safeguards 1.1 Establish and Maintain Detailed Enterprise Asset Inventory 1.2 Address Unauthorized Assets 1.3 Utilize an Active Discovery Tool 1.5 Use a Passive Asset Discovery Tool 2.1 Establish and Maintain a Software Inventory 2.2 Ensure Authorized Software is Currently Supported Controls 1 Inventory and Control of Hardware Assets 2 Inventory and Control of Software Assets Safeguards 1.1 Utilize an Active Discovery Tool 1.2 Use a Passive Asset Discovery Tool 1.4 Maintain Detailed Asset Inventory 1.5 Maintain Asset Inventory Information 1.6 Address Unauthorized Assets 2.1 Maintain Inventory of Authorized Software 2.2 Ensure Software is Supported by Vendor 2.3 Utilize Software Inventory Tools 2.4 Track Software Inventory Information 2.5 Integrate Software and Hardware Asset Inventories No Administrative Network Devices Exposed The lack of network devices with administrative interfaces exposed to the Internet indicates effective control and management of network devices. The fraction of endpoints from category [Networking Device] detected with [Remote Admin Service Externally Exposed] is above 1.0% Assessment Positive Observations Open Ports CIS v8 Controls CIS v7 Controls Controls 4 Secure Configuration of Enterprise Assets and Software 12 Network Infrastructure Management Safeguards N/A Controls 11 Secure Configuration for Network Devices, such as Firewalls, Routers and Switches Safeguards 11.6 Use Dedicated Machines For All Network Administrative Tasks 11.7 Manage Network Infrastructure Through a Dedicated Network Low Outdated Mobile Devices Connected The low ratio of outdated mobile devices connected to the Internet from the organization's network indicates a high level of control over allowed mobile devices. The ratio of events of type [Outdated Mobile Device Operating System] by type [Mobile Endpoint] is below 2.0% Assessment Positive Observations Open Ports Insecure Systems Desktop Software Mobile Software CIS v8 Controls CIS v7 Controls Controls 2 Inventory and Control of Software Assets Safeguards 1.2 Address Unauthorized Assets 1.3 Utilize an Active Discovery Tool 1.5 Use a Passive Asset Discovery Tool 2.1 Establish and Maintain a Software Inventory 2.2 Ensure Authorized Software is Currently Supported 2.3 Address Unauthorized Software Controls 2 Inventory and Control of Software Assets Safeguards 1.1 Utilize an Active Discovery Tool 1.2 Use a Passive Asset Discovery Tool 1.4 Maintain Detailed Asset Inventory 1.5 Maintain Asset Inventory Information 1.6 Address Unauthorized Assets 2.1 Maintain Inventory of Authorized Software 2.2 Ensure Software is Supported by Vendor 2.3 Utilize Software Inventory Tools 2.4 Track Software Inventory Information 2.5 Integrate Software and Hardware Asset Inventories 2.6 Address Unapproved Software 2.7 Utilize Application Whitelisting Administrative Network Devices Exposed The presence of network devices with administrative interfaces exposed to the internet indicates ineffective control and mismanagement of network devices. The fraction of endpoints from category [Networking Device] detected with [Remote Admin Service Externally Exposed] is above 10.0% Assessment Negative Observations Open Ports CIS v8 Controls CIS v7 Controls Controls 4 Secure Configuration of Enterprise Assets and Software 12 Network Infrastructure Management Safeguards: N/A Controls 11 Secure Configuration for Network Devices, such as Firewalls, Routers and Switches Safeguards: 11.6 Use Dedicated Machines For All Network Administrative Tasks 11.7 Manage Network Infrastructure Through a Dedicated Network April 3, 2025: Published. Related articles Patching Cadence Risk Vector GET: Potentially Exploited Finding Details Action Plans: Control Insights API Fields: Rating Types Configuring SAML Apps Feedback 0 comments Please sign in to leave a comment.