Since 2008, the CIS Controls have been through many iterations of refinement and improvement, leading up to what we are presented with today in CIS Controls version 8. CIS Controls reflect the combined knowledge of experts from every part of the ecosystem (companies, governments, and individuals). The controls reflect consideration by people in many different roles such as threat analysts, incident responders, solution providers, policy-makers, and more. This work is the wisdom collected from experts across many sectors who have banded together to create, adopt, and support the CIS Controls.

Today, I will be going over the first Control from version 8 of the top 18 CIS Controls – Inventory and Control of Enterprise Assets. This control has had some updates since its last publication in CIS Controls 7.1, such as the introduction of “Safeguards”, which were known as “Sub-Controls” in previous versions of the CIS Controls. It is also notable that there are now only 18 Controls, whereas there were previously 20. Here I will go through the five safeguards for CIS Control 1 and offer my interpretation of what I’ve found.

Key Takeaways for Control 1

  • Starting with the basics. Version 8 of the CIS Controls has 18 controls. Of the 18, the first six are considered to be the basics that set the foundation for enterprise cybersecurity. Adopting the CIS Controls can both simplify and strengthen cybersecurity at once.
  • Tool availability. Many of the tools that accomplish the requirements set forth in Control 1 are open-source, which can help cut costs during adoption of the CIS Controls. This mainly applies to smaller organizations, as larger ones will quickly outgrow the capabilities available as open-source. Commercial tools and services are available for enterprises that fit this category.
  • Reusability. Work smarter, not harder. Many of the tools referenced