Today, I will be going over Control 14 from version 7 of the CIS top 20 Critical Security Controls – Controlled Access Based on the Need to Know. I will go through the nine requirements and offer my thoughts on what I’ve found.
Key Takeaways for Control 14
- Information Security 101. There are a lot of foundational controls in here which should be adopted by even the smallest of organizations. Network segmentation, permissions, and data encryption are basic security hygiene that are cheap and easy to implement.
- FIM is so much more. With version 7, file integrity monitoring only appears here in section 14.9. However, FIM is a key capability across a wide array of the controls from top to bottom. Deploying FIM should be considered a foundational control for many organizations.
- Automation and integration. Automating security tasks is usually a force multiplier for your security staff. While not directly touched on, integrating tools is another way to amplify the workforce. Bolting technologies together gives greater visibility into the network.
Requirement Listing for Control 14
1. Segment the Network Based on Sensitivity
Description: Segment the network based on the label or classification of the information stored on the services, locate all sensitive information on separated Virtual Local Area Networks (VLANs).
Notes: Network segmentation could have prevented a lot of the breaches we read about in the news. This is one of the foundational controls that should be in place at any organization, large or small.
2. Enable Firewall Filtering Between VLANs
Description: Enable firewall filtering between VLANs to ensure that only authorized systems are able to communicate with other systems necessary to fulfill their specific responsibilities.
Notes: Once you have separated the networks into (Read more...)
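One way to check a firewall rule set against requirements 1 and 2, as an added example that is not part of the original post: it flags every allow rule that lets traffic cross between VLANs outside an approved flow list, and reports a missing default deny. The VLAN names, subnets, labels, flows and rules are constructed sample data, and each allow rule is judged on its own, without modeling rule order or shadowing.

```python
import ipaddress
from typing import NamedTuple

# Constructed sample data: VLAN subnets and sensitivity labels (assumptions).
VLANS = {
    "users":   ("10.0.10.0/24", "internal"),
    "app":     ("10.0.20.0/24", "internal"),
    "finance": ("10.0.30.0/24", "sensitive"),
}
# Approved flows (assumed): (source VLAN, destination VLAN, TCP port).
AUTHORIZED = {("users", "app", 443), ("app", "finance", 5432)}

class Rule(NamedTuple):
    src: str      # CIDR, or "any"
    dst: str      # CIDR, or "any"
    port: object  # int, or "any"
    action: str   # "allow" or "deny"

def vlans_covered(cidr):
    """Sorted names of every VLAN whose subnet overlaps the rule's CIDR."""
    if cidr == "any":
        return sorted(VLANS)
    net = ipaddress.ip_network(cidr)
    return sorted(name for name, (subnet, _) in VLANS.items()
                  if net.overlaps(ipaddress.ip_network(subnet)))

def audit(rules):
    """Return (rule index, src VLAN, dst VLAN, port, note) per violation."""
    findings = []
    for i, r in enumerate(rules):
        if r.action != "allow":
            continue
        for s in vlans_covered(r.src):
            for d in vlans_covered(r.dst):
                # Intra-VLAN traffic never crosses the firewall; approved flows pass.
                if s == d or (r.port != "any" and (s, d, r.port) in AUTHORIZED):
                    continue
                findings.append((i, s, d, r.port, VLANS[d][1]))
    if not rules or rules[-1] != Rule("any", "any", "any", "deny"):
        findings.append((None, "*", "*", "any", "no default deny"))
    return findings

RULES = [  # constructed rule set
    Rule("10.0.10.0/24", "10.0.20.10/32", 443, "allow"),   # approved flow
    Rule("10.0.20.10/32", "10.0.30.5/32", 5432, "allow"),  # approved flow
    Rule("10.0.10.0/24", "10.0.30.0/24", "any", "allow"),  # users -> finance, any port
    Rule("any", "any", "any", "deny"),
]
```

Calling `audit(RULES)` reports the third rule, which opens the sensitive finance VLAN to the whole users VLAN on any port.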
*** This is a Security Bloggers Network syndicated blog from The State of Security authored by Travis Smith. Read the original post at: https://www.tripwire.com/state-of-security/security-data-protection/20-critical-security-controls-control-14-controlled-access/