The Center for Internet Security Controls, or CIS Controls, have become an industry standard that helps businesses and organizations of all sizes maintain a consistent set of cybersecurity controls.

The 153 Safeguards, which are found in the 18 Controls, are a foundation for protecting your technology and data. They are not rocket science, and you can start implementing the majority of them today.

Follow along as I outline and simplify the safeguards as we work together and SecureIT.

We begin our review of CIS Control 2.x, which covers the Inventory and Control of Software Assets. Every organization should actively manage (inventory, track, and correct) all software (operating systems and applications) on the network so that only authorized software is installed and can execute.

Not much has changed in 20 years: employees will go out, find a software title that resolves an issue or streamlines a process for themselves, and install it. It could be the traditional WinZip application or a photo editor. It could also be their favorite game or, within the Modern Workspace where the workstation is shared with a family member, a tool for that person's school, work, or play.

What has changed is that more of the software titles in use today are web-based, but there is still more than enough downloading and installing for this to be a concern.

Safeguard 2.1 requires you to establish and maintain a software inventory. It must include at least the title, publisher, initial install/use date, business purpose for each entry, the URL, App Store(s), version(s), deployment mechanism, and the decommission date. It requires review and update of the inventory at least bi-annually.

How many times have you installed and removed an application the same day or a week later? Let's be real: this is a challenge to complete without some sort of automated tool. That tool has to have privileges on the computer that allow it to query and report on the list.

The easiest way to check this off is to use a Remote Monitoring and Management (RMM) tool or Microsoft Intune, as they will provide you with a current software listing that you can maintain. The issue is that most RMM tools only retain records for up to 90 days, and even then you may have challenges looking back in time if you have to recall past records.

To check this box you can maintain the classic spreadsheet and manually review your systems no less than twice a year.

Remember, you need to do this for all assets from Safeguard 1.1, so that includes all end-user devices, network devices, IoT devices, and servers.
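
As an added example (not part of the original post and not CIS tooling), the script below checks a spreadsheet-style inventory for the fields Safeguard 2.1 lists, compares it with software discovered on devices, and flags a review that is more than six months old. The column names, sample rows, and discovered list are constructed for illustration, and `decommission_date` is assumed to stay blank while a title is still in use.

```python
import csv
import io
from datetime import date

# Columns for the fields Safeguard 2.1 lists above (column names are assumptions).
FIELDS = ["title", "publisher", "install_date", "business_purpose", "url",
          "app_store", "version", "deployment_mechanism", "decommission_date"]
MAY_BE_BLANK = {"decommission_date"}  # assumption: empty while still in use
REVIEW_INTERVAL_DAYS = 183            # review at least twice a year

# Constructed sample: the "classic spreadsheet" exported as CSV.
INVENTORY_CSV = """title,publisher,install_date,business_purpose,url,app_store,version,deployment_mechanism,decommission_date
WinZip,ExamplePublisher,2021-03-01,File compression,https://example.com/winzip,N/A,27.0,RMM push,
Photo Editor,ExampleSoft,2022-06-15,,https://example.com/photo,N/A,3.2,Manual,
Legacy CRM,ExampleSoft,2015-01-10,Customer records,https://example.com/crm,N/A,1.4,Manual,2023-01-31
"""
# Constructed sample: (device, title) pairs as an RMM or Intune export might list them.
DISCOVERED = [("PC-01", "WinZip"), ("PC-01", "Photo Editor"),
              ("PC-02", "Favorite Game"), ("SRV-01", "Legacy CRM")]

def audit(inventory_csv, discovered, last_review, today):
    """Return findings that need follow-up before the inventory can be signed off."""
    findings = {"incomplete": {}, "not_in_inventory": [],
                "decommissioned_but_installed": []}
    active, retired = set(), set()
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        title = (row.get("title") or "").strip()
        missing = [f for f in FIELDS
                   if f not in MAY_BE_BLANK and not (row.get(f) or "").strip()]
        if missing:
            findings["incomplete"][title] = missing
        decom = (row.get("decommission_date") or "").strip()
        if decom and date.fromisoformat(decom) <= today:
            retired.add(title.lower())
        else:
            active.add(title.lower())
    for device, title in discovered:
        key = title.lower()
        if key in retired:      # past its decommission date but still present
            findings["decommissioned_but_installed"].append((device, title))
        elif key not in active:  # installed without an inventory entry
            findings["not_in_inventory"].append((device, title))
    seen = {title.lower() for _, title in discovered}
    findings["not_found_on_any_device"] = sorted(active - seen)
    findings["review_overdue"] = (today - last_review).days > REVIEW_INTERVAL_DAYS
    return findings

if __name__ == "__main__":
    print(audit(INVENTORY_CSV, DISCOVERED, date(2022, 11, 1), date(2023, 6, 1)))
```

Saving each dated findings report alongside the spreadsheet gives you a history that does not depend on the RMM tool's retention window.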
