ITM Tech Cybersecurity Essentials Booklet - Flipbook - Page 23
CONTROL 04
04 - Secure Configuration of Enterprise Assets and Software

Establish and maintain the secure configuration of enterprise assets (end-user devices, including portable and mobile; network devices; non-computing/IoT devices; and servers) and software (operating systems and applications).

Why Is This CIS Control Critical?

As delivered from manufacturers and resellers, the default configurations for enterprise assets and software are normally geared towards ease-of-deployment and ease-of-use rather than security. Basic controls, open services and ports, default accounts or passwords, pre-configured Domain Name System (DNS) settings, older (vulnerable) protocols, and pre-installation of unnecessary software can all be exploitable if left in their default state. Further, these security configuration updates need to be managed and maintained over the life cycle of enterprise assets and software. Configuration updates need to be tracked and approved through a configuration management workflow process to maintain a record that can be reviewed for compliance, leveraged for incident response, and used to support audits. This CIS Control is important to on-premises devices, as well as remote devices, network devices, and cloud environments.

Service providers play a key role in modern infrastructures, especially for smaller enterprises. They often are not set up by default in the most secure configuration, in order to provide flexibility for their customers to apply their own security policies. Therefore, the presence of default accounts or passwords, excessive access, or unnecessary services is common in default configurations.

THE SAFEGUARDS

Safeguard  Title                                                                     Asset Type    Security Function
4.1        Establish and Maintain a Secure Configuration Process                     Applications  Protect
4.2        Establish and Maintain a Secure Configuration Process for Network         Network       Protect
           Infrastructure
4.3        Configure Automatic Session Locking on Enterprise Assets                  Users         Protect
4.4        Implement and Manage a Firewall on Servers                                Devices       Protect
4.5        Implement and Manage a Firewall on End-User Devices                       Devices       Protect
4.6        Securely Manage Enterprise Assets and Software                            Network       Protect
4.7        Manage Default Accounts on Enterprise Assets and Software                 Users         Protect
4.8        Uninstall or Disable Unnecessary Services on Enterprise Assets and        Devices       Protect
           Software
4.9        Configure Trusted DNS Servers on Enterprise Assets                        Devices       Protect
4.10       Enforce Automatic Device Lockout on Portable End-User Devices             Devices       Respond
4.11       Enforce Remote Wipe Capability on Portable End-User Devices               Devices       Protect
4.12       Separate Enterprise Workspaces on Mobile End-User Devices                 Devices       Protect

Safeguards Total: 12
IG1: 7/12
IG2: 11/12
IG3: 12/12

Did You Know?

Only 14% of small businesses rate their ability to mitigate cyber risks, vulnerabilities and attacks as highly effective. Setting up and managing appropriate security and configuration policies and procedures doesn’t have to take a lot of effort if you work with a professional.