Skip to main content
Security Performance Management
Continuous Monitoring
Vendor Risk Management
Trust Management Hub
Cyber Insurance
National Cybersecurity

Insights to Control Framework Mapping: Device Management

Ingrid

Refer to the following Device Management insights and assessments and how they're mapped to CIS v7 and CIS v8 controls for Control Insights:

No Mobile Device Connectivity Security

Mobile devices appear to be allowed to connect to the network without security policy enforcement.

At least one event of the following event types was detected: [Pre-installed Malware] OR At least one system was detected simultaneously with the following indicators [Mobile Compromised System, Outdated Desktop Operating System]

Assessment

insight-ineffective.png Negative

Observations

CIS v8 Controls CIS v7 Controls

Controls

1 Inventory and Control of Enterprise Assets

Safeguards

1.2 Address Unauthorized Assets

Controls

1 Inventory and Control of Hardware Assets

Safeguards

  • 1.5 Maintain Asset Inventory Information
  • 1.6 Address Unauthorized Assets
  • 1.7 Deploy Port Level Access Control

Outdated Mobile Devices

The high ratio of outdated mobile devices connected to the Internet from the organization networks indicates ineffective control of allowed mobile devices

The ratio of events of type [Outdated Mobile Device Operating System] by type [Mobile Endpoint] is above 5.0%

Assessment

x Negative

Observations

Mobile Software

CIS v8 Controls CIS v7 Controls

Controls

  • 1 Inventory and Control of Enterprise Assets
  • 2 Inventory and Control of Software Assets

Safeguards

  • 1.1 Establish and Maintain Detailed Enterprise Asset Inventory
  • 1.2 Address Unauthorized Assets
  • 1.3 Utilize an Active Discovery Tool
  • 1.5 Use a Passive Asset Discovery Tool
  • 2.1 Establish and Maintain a Software Inventory
  • 2.2 Ensure Authorized Software is Currently Supported

Controls

  • 1 Inventory and Control of Hardware Assets
  • 2 Inventory and Control of Software Assets

Safeguards

  • 1.1 Utilize an Active Discovery Tool
  • 1.2 Use a Passive Asset Discovery Tool
  • 1.4 Maintain Detailed Asset Inventory
  • 1.5 Maintain Asset Inventory Information
  • 1.6 Address Unauthorized Assets
  • 2.1 Maintain Inventory of Authorized Software
  • 2.2 Ensure Software is Supported by Vendor
  • 2.3 Utilize Software Inventory Tools
  • 2.4 Track Software Inventory Information
  • 2.5 Integrate Software and Hardware Asset Inventories

No Administrative Network Devices Exposed

The lack of network devices with administrative interfaces exposed to the Internet indicates effective control and management of network devices.

The fraction of endpoints from category [Networking Device] detected with [Remote Admin Service Externally Exposed] is above 1.0%

Assessment

✓ Positive

Observations

Open Ports

CIS v8 Controls CIS v7 Controls

Controls

  • 4 Secure Configuration of Enterprise Assets and Software
  • 12 Network Infrastructure Management

Safeguards

N/A

Controls

11 Secure Configuration for Network Devices, such as Firewalls, Routers and Switches

Safeguards

  • 11.6 Use Dedicated Machines For All Network Administrative Tasks
  • 11.7 Manage Network Infrastructure Through a Dedicated Network

Low Outdated Mobile Devices Connected

The low ratio of outdated mobile devices connected to the Internet from the organization's network indicates a high level of control over allowed mobile devices.

The ratio of events of type [Outdated Mobile Device Operating System] by type [Mobile Endpoint] is below 2.0%

Assessment

insight-effective.png Positive

Observations

CIS v8 Controls CIS v7 Controls

Controls

2 Inventory and Control of Software Assets

Safeguards

  • 1.2 Address Unauthorized Assets
  • 1.3 Utilize an Active Discovery Tool
  • 1.5 Use a Passive Asset Discovery Tool
  • 2.1 Establish and Maintain a Software Inventory
  • 2.2 Ensure Authorized Software is Currently Supported
  • 2.3 Address Unauthorized Software

Controls

2 Inventory and Control of Software Assets

Safeguards

  • 1.1 Utilize an Active Discovery Tool
  • 1.2 Use a Passive Asset Discovery Tool
  • 1.4 Maintain Detailed Asset Inventory
  • 1.5 Maintain Asset Inventory Information
  • 1.6 Address Unauthorized Assets
  • 2.1 Maintain Inventory of Authorized Software
  • 2.2 Ensure Software is Supported by Vendor
  • 2.3 Utilize Software Inventory Tools
  • 2.4 Track Software Inventory Information
  • 2.5 Integrate Software and Hardware Asset Inventories
  • 2.6 Address Unapproved Software
  • 2.7 Utilize Application Whitelisting

Administrative Network Devices Exposed

The presence of network devices with administrative interfaces exposed to the internet indicates ineffective control and mismanagement of network devices.

The fraction of endpoints from category [Networking Device] detected with [Remote Admin Service Externally Exposed] is above 10.0%

Assessment

x Negative

Observations

Open Ports

CIS v8 Controls CIS v7 Controls

Controls

  • 4 Secure Configuration of Enterprise Assets and Software
  • 12 Network Infrastructure Management

Safeguards:

N/A

Controls

11 Secure Configuration for Network Devices, such as Firewalls, Routers and Switches

Safeguards:

  • 11.6 Use Dedicated Machines For All Network Administrative Tasks
  • 11.7 Manage Network Infrastructure Through a Dedicated Network
  • April 3, 2025: Published.

Related articles

Feedback

0 comments

Please sign in to leave a comment.