CIS Control 12: Network Infrastructure Management
Networks form a critical core for our modern-day society and businesses. These networks are comprised of many types of components that make up the networks’ infrastructure. Network infrastructure devices can be physical or virtual and include things such as routers, switches, firewalls, and wireless access points. Unfortunately, many devices are shipped from manufacturers with “default” configuration settings and passwords that, if deployed as-is, can significantly weaken an organization’s network infrastructure. Even if network devices are hardened with non-default configurations and strong passwords, over time these devices will be targeted by new vulnerabilities that are discovered by security researchers.
Key Takeaways for Control 12
Enterprises should ensure the teams implementing and operating the network infrastructure have processes and procedures in place that include capabilities for having a secure network infrastructure. These processes and procedures include, but are not limited to:
- developing a network security architecture,
- implementing a continuous security improvement process,
- creating and evolving a network security maturity model,
- developing and maintaining network architecture diagrams and documentation,
- ensuring no default settings or passwords for network devices, and
- implementing a patch and vulnerability management program for network infrastructure devices.
Control 12 is designed to help organizations enable and maintain more secure network infrastructure.
Safeguards for Control 12
1: Ensure Network Infrastructure is Up-to-Date
Description: Ensure network infrastructure is kept up-to-date. Example implementations include running the latest stable release of software and/or using currently supported network-as-a-service (NaaS) offerings. Review software versions monthly, or more frequently, to verify software support.
Notes: The security function associated with this safeguard is Protect.
2: Establish and Maintain a Secure Network Architecture
Description: Establish and maintain a secure network architecture. A secure network architecture must address segmentation, least privilege, and availability, at a minimum.
Notes: The security function associated with this safeguard is Protect.
3: Securely Manage Network (Read more...)
*** This is a Security Bloggers Network syndicated blog from The State of Security authored by Lane Thames. Read the original post at: https://www.tripwire.com/state-of-security/controls/cis-control-12/
