The Center for Internet Security Controls, or CIS Controls, have become an industry standard that helps businesses and organizations of all sizes maintain a consistent baseline of cybersecurity controls.

We have now reviewed 15 of the 153 Safeguards, completing Controls 1 and 2, which are based on inventory control.

CIS Control Safeguard 2.7 is the Allowlist of Authorized Scripts: using technical controls, such as digital signatures and version control, to ensure that only authorized scripts, such as .ps1, .py, etc., are allowed to execute. You have to reassess bi-annually at the least. Before you scare yourself, this safeguard is only required for Implementation Group 3 compliance.

Two quick tools I know do this well are ThreatLocker and Ivanti Zero-Trust Network Access (ZTNA). There are likely others out there, but I would start my search with these two products if you are looking for compliance here.

While there are methods to block the use of PowerShell in Windows via AppLocker policy, you would have to duplicate the steps and process for other applications, like CMD, that may enable batch scripts to run, or for other scripting services that may be installed. In combination with 2.5, you can likely get away with just blocking PowerShell and batch scripts, as the software allowlist would not have authorized any similar programs that can run scripts locally.

I would still point back to the two applications above for your ease and peace of mind, just knowing it's still working.

The bottom line for Control 2 is that you have to maintain a current and accurate inventory of all applications on any of your assets, and then have the ability to allowlist and block the software, libraries, and scripts you don't want to run.
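To see where an endpoint stands against Safeguard 2.7 before enforcing anything, the following added example (not part of the original post, and not taken from ThreatLocker, Ivanti or AppLocker) audits script files against an allowlist of approved signers and approved file hashes. The scan path, the thumbprint, the hash and the `Test-ScriptAuthorized` function name are placeholders or assumptions made for illustration.

```powershell
# Added example: report scripts that are not on the allowlist (audit only, blocks nothing).
# Every value below is a constructed placeholder; replace with your own.
$ScanRoot   = 'C:\Scripts'                                  # assumed folder to audit
$Extensions = '.ps1', '.psm1', '.py', '.bat', '.cmd'

# Thumbprints of code-signing certificates your organization has approved (placeholder).
$ApprovedSigners = @('0000000000000000000000000000000000000000')

# SHA-256 hashes of approved unsigned scripts, e.g. exported from version control (placeholder).
$ApprovedHashes = @('0000000000000000000000000000000000000000000000000000000000000000')

function Test-ScriptAuthorized {
    param([Parameter(Mandatory)][System.IO.FileInfo]$File)

    $authorized = $false
    $reason     = 'Not on allowlist'

    # PowerShell files can carry an Authenticode signature, so check that first.
    if ($File.Extension -in '.ps1', '.psm1') {
        $sig = Get-AuthenticodeSignature -LiteralPath $File.FullName
        if ($sig.Status -eq 'Valid' -and $sig.SignerCertificate.Thumbprint -in $ApprovedSigners) {
            $authorized = $true
            $reason     = 'Signed by approved publisher'
        } elseif ($sig.Status -eq 'HashMismatch') {
            $reason = 'Signed, but file was modified after signing'
        } elseif ($sig.Status -eq 'Valid') {
            $reason = 'Valid signature, but signer is not approved'
        }
    }

    # .py/.bat/.cmd (and unsigned PowerShell) fall back to the hash allowlist.
    $hash = (Get-FileHash -LiteralPath $File.FullName -Algorithm SHA256).Hash
    if (-not $authorized -and $hash -in $ApprovedHashes) {
        $authorized = $true
        $reason     = 'Hash matches approved version'
    }

    [pscustomobject]@{
        Path = $File.FullName; Authorized = $authorized; Reason = $reason; SHA256 = $hash
    }
}

# List every script under $ScanRoot that is neither approved-signed nor approved-hash.
Get-ChildItem -LiteralPath $ScanRoot -Recurse -File -ErrorAction SilentlyContinue |
    Where-Object { $_.Extension -in $Extensions } |
    ForEach-Object { Test-ScriptAuthorized -File $_ } |
    Where-Object { -not $_.Authorized } |
    Format-Table Path, Reason -AutoSize
```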
