CIS Top 20 Checklist

Prioritize security controls for effectiveness against real world threats.

CIS Top 20 Controls Checklist
- Do you have the ability to prevent and detect when unauthorized hardware devices are connected to your network?
- Do you have the ability to prevent and detect unauthorized software from being installed on your network devices and employee mobile devices?
- Do you regularly (monthly/quarterly) scan, detect, and remediate vulnerabilities on your network using a SCAP certified scanning tool?
- Have you applied added protections for administrative tasks, roles, accounts, and critical devices?
- Do you apply security hardening procedures to your phones, mobile devices, laptops, workstations, and servers?
- Do you use a Security Incident and Event Management (SIEM) tool?
- Do you only use fully supported, current, and updated email clients, web browsers, content filtering, and spam filtering?
- Do you have an anti-malware solution in place?
- Do you utilize a next-generation firewall with endpoint control to limit and control network ports, protocols, and services?
- Do you perform and test regular backups with a protected “non-continuously addressable” backup destination to protect against ransomware attacks?
- Do you utilize configuration management and a change control process to manage all critical network devices and infrastructure?
- Does your firewall inspect and alert on all traffic, including encrypted traffic?
- Do you inventory where all of your sensitive information and data are stored and have a process and tool in place to prevent the exfiltration of your data?
- Do you segment and control access to data and systems in your organization?
- Do you have formal processes and tools in place to track, control, prevent, and restrict access to your wireless networks utilizing Strong Encryption and Multi-Factor Authentication?
- Do you have formal processes and technologies to monitor and manage users’ access to systems, workstations, and applications?
- Do you currently have a security awareness training and testing program and test all employees at least semi-annually?
- Do you have formal processes and tools in place to manage the security lifecycle of all “in-house developed” and acquired software in order to prevent, detect, and correct security weaknesses?
- Do you have a documented incident response plan and test it at least annually?
- Do you conduct internal and external penetration tests at least annually?
Copyright © 2022 STN Inc. All Rights Reserved.