CIS Controls 2.5 & 2.6 Allowlist Authorized Software and Libraries
The Center for Internet Security Controls or #CISControls have become an industry standard to help businesses and organizations of all sizes to maintain an industry standard of #Cybersecurity controls.
The 153 #Safeguards, which are found in the 18 controls, are a foundation to protecting your technology and data. They are not rocket science and the majority you can start to implement today.
Follow along as I outline and simplify the safeguards as we work together and #SecureIT.
Today we are going to review 2.5 and 2.6, which are using technical controls to establish an Allowlist for Software (2.5) and Libraries (2.6). Both are requirements for Implementation Group 2 and both require at minimum a bi-annual reassessment.
Looking at Software you need to ensure that only authorized software can execute or be accessed, or #Whitelisting.
Microsoft Windows Defender's Application Control allows organizations to control what applications are installed, and you can also use Microsoft Intune for Whitelisting as well.
Some Remote Monitoring and Management Tools like N-able's N-Central offer Application Compliance.
I really love what Danny Jenkins and the team at ThreatLocker have done with application allowlisting and if you have to check off this compliance requirement, you should check them out.
Safeguard 2.6 takes it a step further with Allowlisting of Libraries such as .dll, .ocx, .so, .etc or the files that are loaded into a system process.
Microsoft Windows Defender Application Control policy 19 enables policy enforcement for .NET applications and dynamically loaded libraries - only supported on Win 10 v1803 and newer or Server 2019 and newer.
I would again recommend looking at the #ZeroTrust Model at Threatlocker as it will check off the boxes of 2.5, 2.6, and 2.7 which we will look at tomorrow.
Join the conversation online at - https://www.linkedin.com/posts/scottrdavispa_ciscontrols-cybersecurity-safeguards-activity-7071953394730463232-gyLU?utm_source=share&utm_medium=member_desktop