The Center for Internet Security (CIS) lists a prioritized set of actions to protect organizations from known cyber attack vectors. Known as the CIS 20, the list is broken down into:

  • 6 Basic CIS Controls
  • 10 Foundational CIS Controls
  • 4 Organizational CIS Controls

The most basic controls, CIS 1 and 2, are covered in the following video, which demonstrates how a cybersecurity asset management platform like Axonius can automatically provide what organizations need to achieve these controls. More specifically:

CIS Control 1

Inventory of Authorized and Unauthorized Devices.

“Actively manage (inventory, track, and correct) all hardware devices on the network so that only authorized devices are given access, and unauthorized and unmanaged devices are found and prevented from gaining access.”

To achieve CIS Control 1, the Center for Internet Security highlights 3 key steps:

  1. Identify all devices
  2. Document the inventory
  3. Keep the inventory current

CIS Control 2

Inventory of Authorized and Unauthorized Software.

“Actively manage (inventory, track, and correct) all software on the network so that only authorized software is installed and can execute, and that unauthorized and unmanaged software is found and prevented from installation or execution.”

To achieve CIS Control 2, the Center for Internet Security requires you to:

  1. Identify and document all software
  2. Develop a whitelist of approved software
  3. Manage the software on the system through regular scanning and updates

Have a look at the short video below to see how organizations are able to achieve CIS Controls 1 and 2 with cybersecurity asset management.