The Center for Internet Security Controls, or #CISControls, have become an industry standard for helping businesses and organizations of all sizes maintain their cybersecurity controls.

The 153 #Safeguards, which are found in the 18 controls, are a foundation for protecting your technology and data. They are not rocket science, and you can start to implement the majority of them today.

Follow along as I outline and simplify the safeguards as we work together and #SecureIT.

We wrap up Control 1 with Safeguard 1.5, which is only required for Implementation Group 3 (#IG3) and calls for the use of a passive asset discovery tool. The passive tool needs to identify assets connected to the network, and the results should be reviewed at least weekly.

If we go back to Safeguard 1.3, it called for an Active Discovery Tool to identify assets connected to the network. It's important to note that an active scanner directly interacts with endpoints by querying them with test traffic packets and reviewing each response to find vulnerabilities.

Safeguard 1.5 is now looking for a Passive Discovery Tool to do the same. Passive scanners “silently” glean network data to detect weaknesses without actively interacting with endpoints.
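As an added illustration (not from the original post or from CIS), here is one way to carry out the weekly review: reconcile what a passive sensor has observed against the asset inventory. The CSV layout, the sample rows and the inventory entries are constructed assumptions, not any real tool's export format.

```python
import csv
import io
from datetime import datetime, timedelta

# Constructed sample data; the column layout is an assumption, not a real tool's format.
SIGHTINGS_CSV = """last_seen,mac,ip
2023-05-29T08:15:00,AA-BB-CC-00-00-01,10.0.0.10
2023-05-30T21:02:00,aa:bb:cc:00:00:02,10.0.0.11
2023-05-31T03:40:00,DE:AD:BE:EF:00:99,10.0.0.57
2023-05-20T10:00:00,aa:bb:cc:00:00:03,10.0.0.12
"""

# Constructed inventory: MAC address -> asset name.
INVENTORY = {
    "aa:bb:cc:00:00:01": "laptop-finance-01",
    "aa:bb:cc:00:00:02": "printer-2f",
    "aa:bb:cc:00:00:03": "server-files",
    "aa:bb:cc:00:00:04": "switch-core",
}

def normalize_mac(mac):
    """Lower-case, colon-separated form so sensor and inventory values compare equal."""
    digits = "".join(c for c in mac.lower() if c in "0123456789abcdef")
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def weekly_review(sightings_csv, inventory, review_date, window_days=7):
    """Return (unknown, not_seen) for the review window ending at review_date."""
    cutoff = review_date - timedelta(days=window_days)
    seen = {}
    for row in csv.DictReader(io.StringIO(sightings_csv)):
        when = datetime.fromisoformat(row["last_seen"])
        if cutoff <= when <= review_date:  # ignore sightings outside the window
            seen[normalize_mac(row["mac"])] = row["ip"]
    known = {normalize_mac(m): name for m, name in inventory.items()}
    # On the network but missing from the inventory: investigate, then add or remove.
    unknown = {m: ip for m, ip in seen.items() if m not in known}
    # In the inventory but silent all week: retired, powered off, or moved?
    not_seen = sorted(name for m, name in known.items() if m not in seen)
    return unknown, not_seen

if __name__ == "__main__":
    unknown, not_seen = weekly_review(SIGHTINGS_CSV, INVENTORY, datetime(2023, 6, 1))
    for mac, ip in unknown.items():
        print(f"NOT IN INVENTORY: {mac} last seen at {ip}")
    for name in not_seen:
        print(f"NOT SEEN THIS WEEK: {name}")
```

Both lists matter for the review: an unknown device is an inventory gap, and an inventoried asset that stayed silent all week may mean the inventory is stale.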

It's important to note that to be IG3 certified you will need the processes and tools in place for both Active and Passive Discovery.

The bottom line is your inventory is step 1 and is critical for data and cybersecurity frameworks. "You can't protect what you don't know" (Scott Davis). The inventory is the foundation to your knowledge.

So ensure you are looking at your asset inventory, including end user devices, network devices, IoT devices, servers, and any other asset that can store or process data. Understand what types of data may be found on the asset and why it's wherever it's needed.

Knowing your inventory means you are already steps ahead of nefarious actors who are trying to find a way into your network and data.

Next we will review Control 2, which is, you guessed it, Inventory and Control of Software Assets. Yup, more inventorying.

Need help getting started with your Policy? Download an Asset Management Template here!

Join the conversation on LinkedIn - https://www.linkedin.com/posts/scottrdavispa_ciscontrols-safeguards-secureit-activity-7069349248886038528--x2R?utm_source=share&utm_medium=member_desktop
