CIS Controls 1.1 Establish and Maintain Detailed Enterprise Asset Inventory
The Center for Internet Security Controls or CISControls have become an industry standard to help businesses and organizations of all sizes to maintain an industry standard of Cybersecurity controls.
The 153 Safeguards, which are found in the 18 controls, are a foundation to protecting your technology and data. They are not rocket science and the majority you can start to implement today.
Follow along as I outline and simplify the safeguards as we work together and SecureIT.
CIS Control 1 is Inventory and Control of your assets, so it makes sense that Safeguard 1.1 is "Establish and Maintain a Detailed Asset Inventory".
This is calling for you to maintain a current inventory of all of your assets that have the potential to store or process data. So that includes endpoints, network devices, IoT devices, servers, hard drives, usb devices, and in some cases even backup storage devices or drives.
You should maintain at minimum the hardware address, machine name, owner, operating system, and what type of data does the user have access to. I would assume that any asset can be used within the network as well as outside the network with today's modern workspace.
You know what you have to store, but how you store it is also critical. There are tools like Hudu, IT Glue, Confluence, Microsoft Sharepoint, ManageEngine's AssetExplorer, and other documentation tools that allow you to manually manage this. Integrations and tools like Liongard or your Remote Monitoring and Management (RMM) tools can automate some of the inventory pieces as well, but you have to have a solution that allows for the manual entry of devices to meet this compliance piece.
You want to automate what you can, because manual documentation will be outdated and no matter how good the techs are, it's never going to be updated right away.
If you don't have access to any of the above tools you can utilize a shared Microsoft Excel or Google Sheets to list your objects in a spreadsheet format, but you'll learn as we go thru this you'll want to go with a tool that has integrations with the assets you utilize - again when you can automate it, then you'll find it always to be more accurate.
CIS Safeguard 1.1 is required for Implementation Groups 1, 2, and 3.
Need help getting started with your Policy? Download a Asset Management Template here!
Join the conversation on LinkedIn - https://www.linkedin.com/posts/scottrdavispa_ciscontrols-secureit-activity-7067238255586365440-jg9g?utm_source=share&utm_medium=member_desktop