Date: Dec 22, 2024, 11:11:50 AM
Date: Jul 7, 2021, 4:37:16 PM
Editor: S3cN3tSys
Name:
Name: CIS Controls v8 safeguards
Description:
Description: CIS Controls are a prioritized set of Safeguards to mitigate the most prevalent cyber-attacks against systems and networks.
Format of the recommendations:
code: concatenation of
- safeguard identifier
- asset Type: Devices, Applications, Data Network, Users or N/A
- security function: Identify, Protect, Detect, Respond or Recover
- minimal implementation group: IG1, IG2, IG3
description: concatenation of
- control
- safeguard title
t | 1 | {} | t | 1 | { |
2 | "authors": [ | ||||
3 | "S3cN3tSys" | ||||
4 | ], | ||||
5 | "label": "CIS Controls v8 safeguards", | ||||
6 | "language": "EN", | ||||
7 | "refs": [ | ||||
8 | "https://www.cisecurity.org/controls/v8/" | ||||
9 | ], | ||||
10 | "uuid": "e104cdf4-2fff-4989-9636-c16ddd8b2a78", | ||||
11 | "values": [ | ||||
12 | { | ||||
13 | "code": "1.1-Devices-Identify-IG1", | ||||
14 | "description": "Inventory and control of enterprise assets-Establish and maintain detailed enterprise asset inventory", | ||||
15 | "importance": 0, | ||||
16 | "uuid": "bddbfd9a-bd01-4818-9b0f-59b876243c90" | ||||
17 | }, | ||||
18 | { | ||||
19 | "code": "1.2-Devices-Respond-IG1", | ||||
20 | "description": "Inventory and control of enterprise assets-Address unauthorized assets", | ||||
21 | "importance": 0, | ||||
22 | "uuid": "df7b8cf0-93ef-49ce-bb41-3ae405ed0953" | ||||
23 | }, | ||||
24 | { | ||||
25 | "code": "1.3-Devices-Detect-IG2", | ||||
26 | "description": "Inventory and control of enterprise assets-Utilize an active discovery tool", | ||||
27 | "importance": 0, | ||||
28 | "uuid": "0a290b75-f9a0-4103-a5ee-95900765c420" | ||||
29 | }, | ||||
30 | { | ||||
31 | "code": "1.4-Devices-Identify-IG2", | ||||
32 | "description": "Inventory and control of enterprise assets-Use dynamic host configuration protocol (DHCP) logging to update enterprise asset inventory", | ||||
33 | "importance": 0, | ||||
34 | "uuid": "b511f821-a439-4591-b3ae-018e4669ecd2" | ||||
35 | }, | ||||
36 | { | ||||
37 | "code": "1.5-Devices-Detect-IG3", | ||||
38 | "description": "Inventory and control of enterprise assets-Use a passive asset discovery tool", | ||||
39 | "importance": 0, | ||||
40 | "uuid": "e087cb99-8458-46e9-a685-d8b9c1d90309" | ||||
41 | }, | ||||
42 | { | ||||
43 | "code": "10.1-Devices-Protect-IG1", | ||||
44 | "description": "Malware defenses-Deploy and maintain anti-malware software", | ||||
45 | "importance": 0, | ||||
46 | "uuid": "3dc09e1e-964f-465d-81b3-e7bee3dc4fc2" | ||||
47 | }, | ||||
48 | { | ||||
49 | "code": "10.2-Devices-Protect-IG1", | ||||
50 | "description": "Malware defenses-Configure automatic anti-malware signature updates", | ||||
51 | "importance": 0, | ||||
52 | "uuid": "d6c49f98-6204-42e6-a1f4-f0f7206e2485" | ||||
53 | }, | ||||
54 | { | ||||
55 | "code": "10.3-Devices-Protect-IG1", | ||||
56 | "description": "Malware defenses-Disable autorun and autoplay for removable media", | ||||
57 | "importance": 0, | ||||
58 | "uuid": "d25cd6be-da2a-4262-9949-168cdd555c36" | ||||
59 | }, | ||||
60 | { | ||||
61 | "code": "10.4-Devices-Detect-IG2", | ||||
62 | "description": "Malware defenses-Configure automatic anti-malware scanning of removable media", | ||||
63 | "importance": 0, | ||||
64 | "uuid": "0f85c704-796b-4620-ab3b-307d870cf02e" | ||||
65 | }, | ||||
66 | { | ||||
67 | "code": "10.5-Devices-Protect-IG2", | ||||
68 | "description": "Malware defenses-Enable anti-exploitation features", | ||||
69 | "importance": 0, | ||||
70 | "uuid": "71bcef8a-b0f9-4a9d-8736-7106eed100aa" | ||||
71 | }, | ||||
72 | { | ||||
73 | "code": "10.6-Devices-Protect-IG2", | ||||
74 | "description": "Malware defenses-Centrally manage anti-malware software", | ||||
75 | "importance": 0, | ||||
76 | "uuid": "992326df-4230-4411-8369-271031da8fd3" | ||||
77 | }, | ||||
78 | { | ||||
79 | "code": "10.7-Devices-Detect-IG2", | ||||
80 | "description": "Malware defenses-Use behavior-based anti-malware software", | ||||
81 | "importance": 0, | ||||
82 | "uuid": "5ff9342c-ef4b-4a94-846b-116449b816cc" | ||||
83 | }, | ||||
84 | { | ||||
85 | "code": "11.1-Data-Recover-IG1", | ||||
86 | "description": "Data recovery-Establish and maintain a data recovery process", | ||||
87 | "importance": 0, | ||||
88 | "uuid": "a13ea0ef-ffb0-40b1-ad2a-12575023abc3" | ||||
89 | }, | ||||
90 | { | ||||
91 | "code": "11.2-Data-Recover-IG1", | ||||
92 | "description": "Data recovery-Perform automated backups", | ||||
93 | "importance": 0, | ||||
94 | "uuid": "5d962f76-f06c-4ac8-8719-1e076bc045fa" | ||||
95 | }, | ||||
96 | { | ||||
97 | "code": "11.3-Data-Protect-IG1", | ||||
98 | "description": "Data recovery-Protect recovery data", | ||||
99 | "importance": 0, | ||||
100 | "uuid": "8f1aea43-f84d-42f8-963b-f022bc26e0f0" | ||||
101 | }, | ||||
102 | { | ||||
103 | "code": "11.4-Data-Recover-IG1", | ||||
104 | "description": "Data recovery-Establish and maintain an isolated instance of recovery data", | ||||
105 | "importance": 0, | ||||
106 | "uuid": "1856b595-3895-4dff-9ceb-558abec393f2" | ||||
107 | }, | ||||
108 | { | ||||
109 | "code": "11.5-Data-Recover-IG2", | ||||
110 | "description": "Data recovery-Test data recovery", | ||||
111 | "importance": 0, | ||||
112 | "uuid": "d54a8077-661a-4aaa-b90e-f61e23764513" | ||||
113 | }, | ||||
114 | { | ||||
115 | "code": "12.1-Network-Protect-IG1", | ||||
116 | "description": "Network infrastructure management-Ensure network infrastructure is up-to-date", | ||||
117 | "importance": 0, | ||||
118 | "uuid": "6f3c9210-54be-4aef-a326-c46389d34e5a" | ||||
119 | }, | ||||
120 | { | ||||
121 | "code": "12.2-Network-Protect-IG2", | ||||
122 | "description": "Network infrastructure management-Establish and maintain a secure network architecture", | ||||
123 | "importance": 0, | ||||
124 | "uuid": "3b941a78-f75b-4b7d-9565-c3840af19471" | ||||
125 | }, | ||||
126 | { | ||||
127 | "code": "12.3-Network-Protect-IG2", | ||||
128 | "description": "Network infrastructure management-Securely manage network infrastructure", | ||||
129 | "importance": 0, | ||||
130 | "uuid": "b3a03b9b-5f74-4a5b-9043-8662221dcde5" | ||||
131 | }, | ||||
132 | { | ||||
133 | "code": "12.4-Network-Identify-IG2", | ||||
134 | "description": "Network infrastructure management-Establish and maintain architecture diagram(s)", | ||||
135 | "importance": 0, | ||||
136 | "uuid": "d6bb7326-163d-4c9d-a94c-f910a345cc55" | ||||
137 | }, | ||||
138 | { | ||||
139 | "code": "12.5-Network-Protect-IG2", | ||||
140 | "description": "Network infrastructure management-Centralize network authentication; authorization; and auditing (AAA)", | ||||
141 | "importance": 0, | ||||
142 | "uuid": "bb69f5e6-5745-4a70-b863-248ba2a6fae2" | ||||
143 | }, | ||||
144 | { | ||||
145 | "code": "12.6-Network-Protect-IG2", | ||||
146 | "description": "Network infrastructure management-Use of secure network management and communication protocols", | ||||
147 | "importance": 0, | ||||
148 | "uuid": "ad65c163-116b-4ff9-afc1-d2986362958c" | ||||
149 | }, | ||||
150 | { | ||||
151 | "code": "12.7-Devices-Protect-IG2", | ||||
152 | "description": "Network infrastructure management-Ensure remote devices utilize a vpn and are connecting to an enterprises aaa infrastructure", | ||||
153 | "importance": 0, | ||||
154 | "uuid": "10779a71-e1a5-40bc-8035-65c1e879b3fb" | ||||
155 | }, | ||||
156 | { | ||||
157 | "code": "12.8-Devices-Protect-IG3", | ||||
158 | "description": "Network infrastructure management-Establish and maintain dedicated computing resources for all administrative work", | ||||
159 | "importance": 0, | ||||
160 | "uuid": "6b2e129e-7212-418f-b73e-98ece0f5495a" | ||||
161 | }, | ||||
162 | { | ||||
163 | "code": "13.1-Network-Detect-IG2", | ||||
164 | "description": "Network monitoring and defense-Centralize security event alerting", | ||||
165 | "importance": 0, | ||||
166 | "uuid": "67f9d216-3a19-41fe-9867-3ad72e46a8e4" | ||||
167 | }, | ||||
168 | { | ||||
169 | "code": "13.1-Network-Protect-IG2", | ||||
170 | "description": "Network monitoring and defense-Perform application layer filtering", | ||||
171 | "importance": 0, | ||||
172 | "uuid": "7ceb6e84-5b91-4768-bac2-f5f378b17d39" | ||||
173 | }, | ||||
174 | { | ||||
175 | "code": "13.11-Network-Detect-IG3", | ||||
176 | "description": "Network monitoring and defense-Tune security event alerting thresholds", | ||||
177 | "importance": 0, | ||||
178 | "uuid": "c36588b7-3795-4d29-aeb1-cad9779e071e" | ||||
179 | }, | ||||
180 | { | ||||
181 | "code": "13.2-Devices-Detect-IG2", | ||||
182 | "description": "Network monitoring and defense-Deploy a host-based intrusion detection solution", | ||||
183 | "importance": 0, | ||||
184 | "uuid": "8b0e9aa6-563d-4932-b84e-42f7f5fa4b66" | ||||
185 | }, | ||||
186 | { | ||||
187 | "code": "13.3-Network-Detect-IG2", | ||||
188 | "description": "Network monitoring and defense-Deploy a network intrusion detection solution", | ||||
189 | "importance": 0, | ||||
190 | "uuid": "8ad4ac5f-27d8-4088-8fdf-428dbca182ef" | ||||
191 | }, | ||||
192 | { | ||||
193 | "code": "13.4-Network-Protect-IG2", | ||||
194 | "description": "Network monitoring and defense-Perform traffic filtering between network segments", | ||||
195 | "importance": 0, | ||||
196 | "uuid": "926bbf48-ac93-47b4-9c88-e18f3d2e0dd5" | ||||
197 | }, | ||||
198 | { | ||||
199 | "code": "13.5-Devices-Protect-IG2", | ||||
200 | "description": "Network monitoring and defense-Manage access control for remote assets", | ||||
201 | "importance": 0, | ||||
202 | "uuid": "077f28d8-ad9f-429d-96dc-31f91b7daf3c" | ||||
203 | }, | ||||
204 | { | ||||
205 | "code": "13.6-Network-Detect-IG2", | ||||
206 | "description": "Network monitoring and defense-Collect network traffic flow logs ", | ||||
207 | "importance": 0, | ||||
208 | "uuid": "db99bd9e-2b52-4513-9385-7ccb7fec8325" | ||||
209 | }, | ||||
210 | { | ||||
211 | "code": "13.7-Devices-Protect-IG3", | ||||
212 | "description": "Network monitoring and defense-Deploy a host-based intrusion prevention solution", | ||||
213 | "importance": 0, | ||||
214 | "uuid": "8fc8c868-4a72-4a49-af62-01b0b7931475" | ||||
215 | }, | ||||
216 | { | ||||
217 | "code": "13.8-Network-Protect-IG3", | ||||
218 | "description": "Network monitoring and defense-Deploy a network intrusion prevention solution", | ||||
219 | "importance": 0, | ||||
220 | "uuid": "ed739bd6-2fce-416c-a24a-9a85d0a205d0" | ||||
221 | }, | ||||
222 | { | ||||
223 | "code": "13.9-Devices-Protect-IG3", | ||||
224 | "description": "Network monitoring and defense-Deploy port-level access control", | ||||
225 | "importance": 0, | ||||
226 | "uuid": "d97e7de7-32d7-45bd-a149-c60c68b205a1" | ||||
227 | }, | ||||
228 | { | ||||
229 | "code": "14.1-N/A-Protect", | ||||
230 | "description": "Security awareness and skills training-Establish and maintain a security awareness program", | ||||
231 | "importance": 0, | ||||
232 | "uuid": "242c4eef-df6b-4111-b443-c748405d7612" | ||||
233 | }, | ||||
234 | { | ||||
235 | "code": "14.2-N/A-Protect", | ||||
236 | "description": "Security awareness and skills training-Train workforce members to recognize social engineering attacks", | ||||
237 | "importance": 0, | ||||
238 | "uuid": "f9f5f9e1-2909-467a-995f-6aa98e5d5c64" | ||||
239 | }, | ||||
240 | { | ||||
241 | "code": "14.3-N/A-Protect", | ||||
242 | "description": "Security awareness and skills training-Train workforce members on authentication best practices", | ||||
243 | "importance": 0, | ||||
244 | "uuid": "7c0e7f6a-7e63-4837-b1af-64fc4a33094e" | ||||
245 | }, | ||||
246 | { | ||||
247 | "code": "14.4-N/A-Protect", | ||||
248 | "description": "Security awareness and skills training-Train workforce on data handling best practices", | ||||
249 | "importance": 0, | ||||
250 | "uuid": "4d0e4320-e854-4787-ac37-d9781582481b" | ||||
251 | }, | ||||
252 | { | ||||
253 | "code": "14.5-N/A-Protect", | ||||
254 | "description": "Security awareness and skills training-Train workforce members on causes of unintentional data exposure", | ||||
255 | "importance": 0, | ||||
256 | "uuid": "f6d1f4bf-74ff-4075-ba11-e143a0606193" | ||||
257 | }, | ||||
258 | { | ||||
259 | "code": "14.6-N/A-Protect", | ||||
260 | "description": "Security awareness and skills training-Train workforce members on recognizing and reporting security incidents", | ||||
261 | "importance": 0, | ||||
262 | "uuid": "41304900-8386-4462-b6e5-ab24aed576fd" | ||||
263 | }, | ||||
264 | { | ||||
265 | "code": "14.7-N/A-Protect", | ||||
266 | "description": "Security awareness and skills training-Train workforce on how to identify and report if their enterprise assets are missing security updates", | ||||
267 | "importance": 0, | ||||
268 | "uuid": "6a408e9a-eddf-4500-a06c-77fd5e40ceac" | ||||
269 | }, | ||||
270 | { | ||||
271 | "code": "14.8-N/A-Protect", | ||||
272 | "description": "Security awareness and skills training-Train workforce on the dangers of connecting to and transmitting enterprise data over insecure networks", | ||||
273 | "importance": 0, | ||||
274 | "uuid": "675cfd37-7f0e-428d-9897-17e599b359e2" | ||||
275 | }, | ||||
276 | { | ||||
277 | "code": "14.9-N/A-Protect", | ||||
278 | "description": "Security awareness and skills training-Conduct role-specific security awareness and skills training", | ||||
279 | "importance": 0, | ||||
280 | "uuid": "635b5ea6-fac3-4ce0-a2a5-c52d45e45567" | ||||
281 | }, | ||||
282 | { | ||||
283 | "code": "15.1-N/A-Identify", | ||||
284 | "description": "Service provider management-Establish and maintain an inventory of service providers", | ||||
285 | "importance": 0, | ||||
286 | "uuid": "9a93ac72-5e01-40c8-aa59-15ce818dfc9e" | ||||
287 | }, | ||||
288 | { | ||||
289 | "code": "15.2-N/A-Identify", | ||||
290 | "description": "Service provider management-Establish and maintain a service provider management policy", | ||||
291 | "importance": 0, | ||||
292 | "uuid": "3cc0492c-aef0-43e8-a204-518c85e16bfb" | ||||
293 | }, | ||||
294 | { | ||||
295 | "code": "15.3-N/A-Identify", | ||||
296 | "description": "Service provider management-Classify service providers", | ||||
297 | "importance": 0, | ||||
298 | "uuid": "4679c841-a248-4acd-9546-4c0b296667b3" | ||||
299 | }, | ||||
300 | { | ||||
301 | "code": "15.4-N/A-Protect", | ||||
302 | "description": "Service provider management-Ensure service provider contracts include security requirements", | ||||
303 | "importance": 0, | ||||
304 | "uuid": "c5899967-df04-4c30-88f2-9a5063fa9fc0" | ||||
305 | }, | ||||
306 | { | ||||
307 | "code": "15.5-N/A-Identify", | ||||
308 | "description": "Service provider management-Assess service providers", | ||||
309 | "importance": 0, | ||||
310 | "uuid": "306e2298-b1b3-403f-8bb0-0ace52e2ada2" | ||||
311 | }, | ||||
312 | { | ||||
313 | "code": "15.6-Data-Detect-IG3", | ||||
314 | "description": "Service provider management-Monitor service providers", | ||||
315 | "importance": 0, | ||||
316 | "uuid": "2401973b-c535-4e04-b7b6-2e5411b41a84" | ||||
317 | }, | ||||
318 | { | ||||
319 | "code": "15.7-Data-Protect-IG3", | ||||
320 | "description": "Service provider management-Securely decommission service providers", | ||||
321 | "importance": 0, | ||||
322 | "uuid": "d11c9f97-a848-4c18-9153-e0ca31f2dd3c" | ||||
323 | }, | ||||
324 | { | ||||
325 | "code": "16.1-Applications-Protect-IG2", | ||||
326 | "description": "Application software security-Establish and maintain a secure application developmentprocess", | ||||
327 | "importance": 0, | ||||
328 | "uuid": "db784c45-c0b9-43bd-8643-e43fdbb4c437" | ||||
329 | }, | ||||
330 | { | ||||
331 | "code": "16.10-Applications-Protect-IG2", | ||||
332 | "description": "Application software security-Apply secure design principles in application architectures", | ||||
333 | "importance": 0, | ||||
334 | "uuid": "d93d03cd-205d-4ac6-b1a1-ccd278a8061d" | ||||
335 | }, | ||||
336 | { | ||||
337 | "code": "16.11-Applications-Protect-IG2", | ||||
338 | "description": "Application software security-Leverage vetted modules or services for application security components", | ||||
339 | "importance": 0, | ||||
340 | "uuid": "811f7d98-b355-48bf-bb99-d760dfbdcfc6" | ||||
341 | }, | ||||
342 | { | ||||
343 | "code": "16.12-Applications-Protect-IG3", | ||||
344 | "description": "Application software security-Implement code-level security checks", | ||||
345 | "importance": 0, | ||||
346 | "uuid": "17376129-173e-4ca8-8f7c-033b70fb2001" | ||||
347 | }, | ||||
348 | { | ||||
349 | "code": "16.13-Applications-Protect-IG3", | ||||
350 | "description": "Application software security-Conduct application penetration testing", | ||||
351 | "importance": 0, | ||||
352 | "uuid": "53c61b03-34bf-41b7-9739-7be444b7467f" | ||||
353 | }, | ||||
354 | { | ||||
355 | "code": "16.14-Applications-Protect-IG3", | ||||
356 | "description": "Application software security-Conduct threat modeling", | ||||
357 | "importance": 0, | ||||
358 | "uuid": "113cd8a0-199c-4af4-9fb9-9d039513d08f" | ||||
359 | }, | ||||
360 | { | ||||
361 | "code": "16.2-Applications-Protect-IG2", | ||||
362 | "description": "Application software security-Establish and maintain a process to accept and address software vulnerabilities", | ||||
363 | "importance": 0, | ||||
364 | "uuid": "074c5418-aae7-41df-854e-909ccb91d469" | ||||
365 | }, | ||||
366 | { | ||||
367 | "code": "16.3-Applications-Protect-IG2", | ||||
368 | "description": "Application software security-Perform root cause analysis on security vulnerabilities", | ||||
369 | "importance": 0, | ||||
370 | "uuid": "59ef8b71-f972-47dc-be03-0f8b25dfbe80" | ||||
371 | }, | ||||
372 | { | ||||
373 | "code": "16.4-Applications-Protect-IG2", | ||||
374 | "description": "Application software security-Establish and manage an inventory of third-party software components", | ||||
375 | "importance": 0, | ||||
376 | "uuid": "10df85b2-f5e4-48ec-8ff6-ea9e33bd7a3d" | ||||
377 | }, | ||||
378 | { | ||||
379 | "code": "16.5-Applications-Protect-IG2", | ||||
380 | "description": "Application software security-Use up-to-date and trusted third-party software components", | ||||
381 | "importance": 0, | ||||
382 | "uuid": "5cb4fd72-aefd-4d91-a551-85ab75b0fa95" | ||||
383 | }, | ||||
384 | { | ||||
385 | "code": "16.6-Applications-Protect-IG2", | ||||
386 | "description": "Application software security-Establish and maintain a severity rating system and process for application vulnerabilities", | ||||
387 | "importance": 0, | ||||
388 | "uuid": "40780741-bf90-49d0-8cae-8b79b9c67688" | ||||
389 | }, | ||||
390 | { | ||||
391 | "code": "16.7-Applications-Protect-IG2", | ||||
392 | "description": "Application software security-Use standard hardening configuration templates for application infrastructure", | ||||
393 | "importance": 0, | ||||
394 | "uuid": "08765a85-badb-4064-afd2-0a5f44191c09" | ||||
395 | }, | ||||
396 | { | ||||
397 | "code": "16.8-Applications-Protect-IG2", | ||||
398 | "description": "Application software security-Separate production and non-production systems", | ||||
399 | "importance": 0, | ||||
400 | "uuid": "93648fa0-22f5-48db-902b-ea183636ee60" | ||||
401 | }, | ||||
402 | { | ||||
403 | "code": "16.9-Applications-Protect-IG2", | ||||
404 | "description": "Application software security-Train developers in application security concepts and secure coding", | ||||
405 | "importance": 0, | ||||
406 | "uuid": "cf064702-2b50-4584-ad85-b0906fc2cd41" | ||||
407 | }, | ||||
408 | { | ||||
409 | "code": "17.1-N/A-Respond", | ||||
410 | "description": "Incident response management-Designate personnel to manage incident handling", | ||||
411 | "importance": 0, | ||||
412 | "uuid": "21ef0712-1c11-41ee-8779-1df154ba60c0" | ||||
413 | }, | ||||
414 | { | ||||
415 | "code": "17.2-N/A-Respond", | ||||
416 | "description": "Incident response management-Establish and maintain contact information for reporting security incidents", | ||||
417 | "importance": 0, | ||||
418 | "uuid": "63e7f08e-97f8-4158-bda4-236b90c1e3bc" | ||||
419 | }, | ||||
420 | { | ||||
421 | "code": "17.3-N/A-Respond", | ||||
422 | "description": "Incident response management-Establish and maintain an enterprise process for reporting incidents", | ||||
423 | "importance": 0, | ||||
424 | "uuid": "803cce36-fdf0-40c6-b307-f599d1d2dd7b" | ||||
425 | }, | ||||
426 | { | ||||
427 | "code": "17.4-N/A-Respond", | ||||
428 | "description": "Incident response management-Establish and maintain an incident response process", | ||||
429 | "importance": 0, | ||||
430 | "uuid": "28a2bd0e-963a-4136-a2ca-97aaeb464730" | ||||
431 | }, | ||||
432 | { | ||||
433 | "code": "17.5-N/A-Respond", | ||||
434 | "description": "Incident response management-Assign key roles and responsibilities", | ||||
435 | "importance": 0, | ||||
436 | "uuid": "5ffc1ef8-c708-437d-92ed-47a4c009c707" | ||||
437 | }, | ||||
438 | { | ||||
439 | "code": "17.6-N/A-Respond", | ||||
440 | "description": "Incident response management-Define mechanisms for communicating during incident response", | ||||
441 | "importance": 0, | ||||
442 | "uuid": "705f68b7-b2e7-4fc1-8fc2-6f5ca2c907fb" | ||||
443 | }, | ||||
444 | { | ||||
445 | "code": "17.7-N/A-Recover", | ||||
446 | "description": "Incident response management-Conduct routine incident response exercises", | ||||
447 | "importance": 0, | ||||
448 | "uuid": "c4cd4c54-ef9b-4772-b38a-637beb606327" | ||||
449 | }, | ||||
450 | { | ||||
451 | "code": "17.8-N/A-Recover", | ||||
452 | "description": "Incident response management-Conduct post-incident reviews", | ||||
453 | "importance": 0, | ||||
454 | "uuid": "eb3a14e8-43c9-4a37-af9d-210413259eb3" | ||||
455 | }, | ||||
456 | { | ||||
457 | "code": "17.9-N/A-Recover", | ||||
458 | "description": "Incident response management-Establish and maintain security incident thresholds", | ||||
459 | "importance": 0, | ||||
460 | "uuid": "e3484c4b-6fdf-48a8-ba77-91f4f2385daa" | ||||
461 | }, | ||||
462 | { | ||||
463 | "code": "18.1-N/A-Identify", | ||||
464 | "description": "Penetration testing-Establish and maintain a penetration testing program", | ||||
465 | "importance": 0, | ||||
466 | "uuid": "52057c66-fefe-40b9-a176-3eec10c0ab06" | ||||
467 | }, | ||||
468 | { | ||||
469 | "code": "18.2-Network-Identify-IG2", | ||||
470 | "description": "Penetration testing-Perform periodic external penetration tests", | ||||
471 | "importance": 0, | ||||
472 | "uuid": "d39d0f22-cdbb-4577-9285-1de2a6f7036b" | ||||
473 | }, | ||||
474 | { | ||||
475 | "code": "18.3-Network-Protect-IG2-IG1", | ||||
476 | "description": "Penetration testing-Remediate penetration test findings", | ||||
477 | "importance": 0, | ||||
478 | "uuid": "c0d370ca-5c25-4c22-becc-79516a026298" | ||||
479 | }, | ||||
480 | { | ||||
481 | "code": "18.4-Network-Protect-IG3-IG2", | ||||
482 | "description": "Penetration testing-Validate security measures", | ||||
483 | "importance": 0, | ||||
484 | "uuid": "3eee979d-2e78-4b4f-aaa1-701a1eb81bd3" | ||||
485 | }, | ||||
486 | { | ||||
487 | "code": "18.5-N/A-Identify", | ||||
488 | "description": "Penetration testing-Perform periodic internal penetration tests", | ||||
489 | "importance": 0, | ||||
490 | "uuid": "8bf03dd7-9b05-4d90-9e78-b8745eb163fa" | ||||
491 | }, | ||||
492 | { | ||||
493 | "code": "2.1-Applications-Identify-IG1", | ||||
494 | "description": "Inventory and control of software assets-Establish and maintain a software inventory", | ||||
495 | "importance": 0, | ||||
496 | "uuid": "cb300188-2a2a-47aa-a5d1-89292844d692" | ||||
497 | }, | ||||
498 | { | ||||
499 | "code": "2.2-Applications-Identify-IG1", | ||||
500 | "description": "Inventory and control of software assets-Ensure authorized software is currently supported ", | ||||
501 | "importance": 0, | ||||
502 | "uuid": "5b7c6e6c-a603-4c92-9721-a8a24177cbaa" | ||||
503 | }, | ||||
504 | { | ||||
505 | "code": "2.3-Applications-Respond-IG1", | ||||
506 | "description": "Inventory and control of software assets-Address unauthorized software", | ||||
507 | "importance": 0, | ||||
508 | "uuid": "93befead-5a8f-4df7-91a2-b23e3f922f48" | ||||
509 | }, | ||||
510 | { | ||||
511 | "code": "2.4-Applications-Detect-IG2", | ||||
512 | "description": "Inventory and control of software assets-Utilize automated software inventory tools", | ||||
513 | "importance": 0, | ||||
514 | "uuid": "155fea9b-0ca0-4c3a-9414-91928f7af662" | ||||
515 | }, | ||||
516 | { | ||||
517 | "code": "2.5-Applications-Protect-IG2", | ||||
518 | "description": "Inventory and control of software assets-Allowlist authorized software", | ||||
519 | "importance": 0, | ||||
520 | "uuid": "b6772c6b-9654-4467-a149-696f82947075" | ||||
521 | }, | ||||
522 | { | ||||
523 | "code": "2.6-Applications-Protect-IG2", | ||||
524 | "description": "Inventory and control of software assets-Allowlist authorized libraries", | ||||
525 | "importance": 0, | ||||
526 | "uuid": "4a7cc9ba-ae68-41c7-8a96-f4ebbe452acf" | ||||
527 | }, | ||||
528 | { | ||||
529 | "code": "2.7-Applications-Protect-IG3", | ||||
530 | "description": "Inventory and control of software assets-Allowlist authorized scripts", | ||||
531 | "importance": 0, | ||||
532 | "uuid": "26e285a6-3197-413d-9599-fd466286b958" | ||||
533 | }, | ||||
534 | { | ||||
535 | "code": "3.1-Data-Identify-IG1", | ||||
536 | "description": "Data protection-Establish and maintain a data management process", | ||||
537 | "importance": 0, | ||||
538 | "uuid": "514fbadc-c751-4852-9fd6-8351b6054f8d" | ||||
539 | }, | ||||
540 | { | ||||
541 | "code": "3.1-Data-Protect-IG1", | ||||
542 | "description": "Data protection-Encrypt sensitive data in transit", | ||||
543 | "importance": 0, | ||||
544 | "uuid": "a243b1de-67d6-463a-9fa8-c424beda6250" | ||||
545 | }, | ||||
546 | { | ||||
547 | "code": "3.11-Data-Protect-IG2", | ||||
548 | "description": "Data protection-Encrypt sensitive data at rest", | ||||
549 | "importance": 0, | ||||
550 | "uuid": "da4089a1-4a1e-46c2-aeef-8f502b37ade2" | ||||
551 | }, | ||||
552 | { | ||||
553 | "code": "3.12-Network-Protect-IG2", | ||||
554 | "description": "Data protection-Segment data processing and storage based on sensitivity", | ||||
555 | "importance": 0, | ||||
556 | "uuid": "7c72e13e-e088-4e44-9910-c86c3de60d10" | ||||
557 | }, | ||||
558 | { | ||||
559 | "code": "3.13-Data-Protect-IG3", | ||||
560 | "description": "Data protection-Deploy a data loss prevention solution", | ||||
561 | "importance": 0, | ||||
562 | "uuid": "0496fa97-cdcb-4199-bec9-973feb9fe8d2" | ||||
563 | }, | ||||
564 | { | ||||
565 | "code": "3.14-Data-Detect-IG3", | ||||
566 | "description": "Data protection-Log sensitive data access", | ||||
567 | "importance": 0, | ||||
568 | "uuid": "ccf1033b-824a-438d-b12b-a25e3c7d6684" | ||||
569 | }, | ||||
570 | { | ||||
571 | "code": "3.2-Data-Identify-IG1", | ||||
572 | "description": "Data protection-Establish and maintain a data inventory", | ||||
573 | "importance": 0, | ||||
574 | "uuid": "e6452c3e-4246-480d-aa6a-7215203710ad" | ||||
575 | }, | ||||
576 | { | ||||
577 | "code": "3.3-Data-Protect-IG1", | ||||
578 | "description": "Data protection-Configure data access control lists", | ||||
579 | "importance": 0, | ||||
580 | "uuid": "1294ffcd-b674-4643-9991-4e7320390122" | ||||
581 | }, | ||||
582 | { | ||||
583 | "code": "3.4-Data-Protect-IG1", | ||||
584 | "description": "Data protection-Enforce data retention", | ||||
585 | "importance": 0, | ||||
586 | "uuid": "a70a5a30-b5e5-4ea6-acbe-834746a0fed1" | ||||
587 | }, | ||||
588 | { | ||||
589 | "code": "3.5-Data-Protect-IG1", | ||||
590 | "description": "Data protection-Securely dispose of data", | ||||
591 | "importance": 0, | ||||
592 | "uuid": "59984672-7139-45c4-997f-e66feab835a9" | ||||
593 | }, | ||||
594 | { | ||||
595 | "code": "3.6-Devices-Protect-IG1", | ||||
596 | "description": "Data protection-Encrypt data on end-user devices", | ||||
597 | "importance": 0, | ||||
598 | "uuid": "f77bf54d-1cda-4dda-aa3f-cb6629029d8c" | ||||
599 | }, | ||||
600 | { | ||||
601 | "code": "3.7-Data-Identify-IG2", | ||||
602 | "description": "Data protection-Establish and maintain a data classification scheme", | ||||
603 | "importance": 0, | ||||
604 | "uuid": "99eb13c7-2d8d-4d53-8e19-871214d91f39" | ||||
605 | }, | ||||
606 | { | ||||
607 | "code": "3.8-Data-Identify-IG2", | ||||
608 | "description": "Data protection-Document data flows", | ||||
609 | "importance": 0, | ||||
610 | "uuid": "24dc11d3-998b-47ca-b7f4-40310afa3c03" | ||||
611 | }, | ||||
612 | { | ||||
613 | "code": "3.9-Data-Protect-IG2", | ||||
614 | "description": "Data protection-Encrypt data on removable media", | ||||
615 | "importance": 0, | ||||
616 | "uuid": "d796c0d3-8205-4732-a3d1-d7832c8a89d5" | ||||
617 | }, | ||||
618 | { | ||||
619 | "code": "4.1-Applications-Protect-IG1", | ||||
620 | "description": "Secure configuration of enterprise assets and software-Establish and maintain a secure configuration process", | ||||
621 | "importance": 0, | ||||
622 | "uuid": "eeb97c09-6a2c-412c-87b1-b39df7fa3630" | ||||
623 | }, | ||||
624 | { | ||||
625 | "code": "4.1-Devices-Respond-IG1", | ||||
626 | "description": "Secure configuration of enterprise assets and software-Enforce automatic device lockout on portable end-user devices", | ||||
627 | "importance": 0, | ||||
628 | "uuid": "a8f19c86-2de7-4f2a-b444-7a35fedbc9d6" | ||||
629 | }, | ||||
630 | { | ||||
631 | "code": "4.11-Devices-Protect-IG2", | ||||
632 | "description": "Secure configuration of enterprise assets and software-Enforce remote wipe capability on portable end-user devices", | ||||
633 | "importance": 0, | ||||
634 | "uuid": "943a0a0e-82e4-4f32-af2c-4bdded48773f" | ||||
635 | }, | ||||
636 | { | ||||
637 | "code": "4.12-Devices-Protect-IG3", | ||||
638 | "description": "Secure configuration of enterprise assets and software-Separate enterprise workspaces on mobile end-user devices", | ||||
639 | "importance": 0, | ||||
640 | "uuid": "bde651cc-d6ef-4e2b-ab5e-4aed6699b2e6" | ||||
641 | }, | ||||
642 | { | ||||
643 | "code": "4.2-Network-Protect-IG1", | ||||
644 | "description": "Secure configuration of enterprise assets and software-Establish and maintain a secure configuration process for network infrastructure", | ||||
645 | "importance": 0, | ||||
646 | "uuid": "b9766b93-09d4-4b1b-b848-9c03aaeed19b" | ||||
647 | }, | ||||
648 | { | ||||
649 | "code": "4.3-Users-Protect-IG1", | ||||
650 | "description": "Secure configuration of enterprise assets and software-Configure automatic session locking on enterprise assets", | ||||
651 | "importance": 0, | ||||
652 | "uuid": "7c0f8833-55f5-44a8-b244-b3beb4b28e4d" | ||||
653 | }, | ||||
654 | { | ||||
655 | "code": "4.4-Devices-Protect-IG1", | ||||
656 | "description": "Secure configuration of enterprise assets and software-Implement and manage a firewall on servers", | ||||
657 | "importance": 0, | ||||
658 | "uuid": "28c3e828-507b-4b48-b9a5-98cf200725b0" | ||||
659 | }, | ||||
660 | { | ||||
661 | "code": "4.5-Devices-Protect-IG1", | ||||
662 | "description": "Secure configuration of enterprise assets and software-Implement and manage a firewall on end-user devices", | ||||
663 | "importance": 0, | ||||
664 | "uuid": "5b35e2e9-d622-43e2-90d5-9378af88feaa" | ||||
665 | }, | ||||
666 | { | ||||
667 | "code": "4.6-Network-Protect-IG1", | ||||
668 | "description": "Secure configuration of enterprise assets and software-Securely manage enterprise assets and software", | ||||
669 | "importance": 0, | ||||
670 | "uuid": "f33e930d-5109-4554-88ce-ea57c3328884" | ||||
671 | }, | ||||
672 | { | ||||
673 | "code": "4.7-Users-Protect-IG1", | ||||
674 | "description": "Secure configuration of enterprise assets and software-Manage default accounts on enterprise assets and software", | ||||
675 | "importance": 0, | ||||
676 | "uuid": "b964543d-bf6e-49c6-87c9-4d585bcb8b16" | ||||
677 | }, | ||||
678 | { | ||||
679 | "code": "4.8-Devices-Protect-IG2", | ||||
680 | "description": "Secure configuration of enterprise assets and software-Uninstall or disable unnecessary services on enterprise assets and software", | ||||
681 | "importance": 0, | ||||
682 | "uuid": "de1d62d8-b9da-48b7-acd9-317999d9a242" | ||||
683 | }, | ||||
684 | { | ||||
685 | "code": "4.9-Devices-Protect-IG2", | ||||
686 | "description": "Secure configuration of enterprise assets and software-Configure trusted DNS servers on enterprise assets", | ||||
687 | "importance": 0, | ||||
688 | "uuid": "a6d7262a-2da6-4228-8032-50ea496ca8d3" | ||||
689 | }, | ||||
690 | { | ||||
691 | "code": "5.1-Users-Identify-IG1", | ||||
692 | "description": "Account management-Establish and maintain an inventory of accounts", | ||||
693 | "importance": 0, | ||||
694 | "uuid": "79c1bac9-8681-497d-ae56-b5d7320fcc4e" | ||||
695 | }, | ||||
696 | { | ||||
697 | "code": "5.2-Users-Protect-IG1", | ||||
698 | "description": "Account management-Use unique passwords", | ||||
699 | "importance": 0, | ||||
700 | "uuid": "198f625b-65ba-4355-9d12-ca6b4ce63e58" | ||||
701 | }, | ||||
702 | { | ||||
703 | "code": "5.3-Users-Respond-IG1", | ||||
704 | "description": "Account management-Disable dormant accounts", | ||||
705 | "importance": 0, | ||||
706 | "uuid": "9f5b502d-96c2-4568-a7e2-9d24eeb54ea7" | ||||
707 | }, | ||||
708 | { | ||||
709 | "code": "5.4-Users-Protect-IG1", | ||||
710 | "description": "Account management-Restrict administrator privileges to dedicated administrator accounts", | ||||
711 | "importance": 0, | ||||
712 | "uuid": "efd5342b-ddff-42b0-b5d9-302ece0948c4" | ||||
713 | }, | ||||
714 | { | ||||
715 | "code": "5.5-Users-Identify-IG2", | ||||
716 | "description": "Account management-Establish and maintain an inventory of service accounts", | ||||
717 | "importance": 0, | ||||
718 | "uuid": "127d4313-783f-4c3c-ba54-565d8b843dd0" | ||||
719 | }, | ||||
720 | { | ||||
721 | "code": "5.6-Users-Protect-IG2", | ||||
722 | "description": "Account management-Centralize account management", | ||||
723 | "importance": 0, | ||||
724 | "uuid": "9a7f9aac-6cc2-4e4e-8470-9d56e8c38cc2" | ||||
725 | }, | ||||
726 | { | ||||
727 | "code": "6.1-Users-Protect-IG1", | ||||
728 | "description": "Access control management-Establish an access granting process", | ||||
729 | "importance": 0, | ||||
730 | "uuid": "a45dddcc-87b5-4b3e-8bfb-5e84b556fb45" | ||||
731 | }, | ||||
732 | { | ||||
733 | "code": "6.2-Users-Protect-IG1", | ||||
734 | "description": "Access control management-Establish an access revoking process", | ||||
735 | "importance": 0, | ||||
736 | "uuid": "e0100354-04eb-4e4c-91b3-180d5ac0914d" | ||||
737 | }, | ||||
738 | { | ||||
739 | "code": "6.3-Users-Protect-IG1", | ||||
740 | "description": "Access control management-Require MFA for externally-exposed applications", | ||||
741 | "importance": 0, | ||||
742 | "uuid": "5df20f59-7c9a-4f73-b93d-06a8d9a6e305" | ||||
743 | }, | ||||
744 | { | ||||
745 | "code": "6.4-Users-Protect-IG1", | ||||
746 | "description": "Access control management-Require MFA for remote network access", | ||||
747 | "importance": 0, | ||||
748 | "uuid": "3952da07-2c10-4bfb-922a-4bf7a3efd8a5" | ||||
749 | }, | ||||
750 | { | ||||
751 | "code": "6.5-Users-Protect-IG1", | ||||
752 | "description": "Access control management-Require MFA for administrative access", | ||||
753 | "importance": 0, | ||||
754 | "uuid": "feb19850-2fdf-4e3b-b585-1306ec5a6e3e" | ||||
755 | }, | ||||
756 | { | ||||
757 | "code": "6.6-Users-Identify-IG2", | ||||
758 | "description": "Access control management-Establish and maintain an inventory of authentication and authorization systems", | ||||
759 | "importance": 0, | ||||
760 | "uuid": "3fcea4a8-7455-4108-9519-d96201946178" | ||||
761 | }, | ||||
762 | { | ||||
763 | "code": "6.7-Users-Protect-IG2", | ||||
764 | "description": "Access control management-Centralize access control", | ||||
765 | "importance": 0, | ||||
766 | "uuid": "5d4e75d0-b4a9-407e-97fd-531679846792" | ||||
767 | }, | ||||
768 | { | ||||
769 | "code": "6.8-Data-Protect-IG3", | ||||
770 | "description": "Access control management-Define and maintain role-based access control (RBAC)", | ||||
771 | "importance": 0, | ||||
772 | "uuid": "bb855630-0b87-4f53-a47a-3ca2dab1b031" | ||||
773 | }, | ||||
774 | { | ||||
775 | "code": "7.1-Applications-Protect-IG1", | ||||
776 | "description": "Continuous vulnerability management-Establish and maintain a vulnerability management process", | ||||
777 | "importance": 0, | ||||
778 | "uuid": "7aa13de2-dc5f-439b-978c-b5560f996618" | ||||
779 | }, | ||||
780 | { | ||||
781 | "code": "7.2-Applications-Respond-IG1", | ||||
782 | "description": "Continuous vulnerability management-Establish and maintain a remediation process", | ||||
783 | "importance": 0, | ||||
784 | "uuid": "e7ebffb5-60c8-424a-bee1-a3381548fee4" | ||||
785 | }, | ||||
786 | { | ||||
787 | "code": "7.3-Applications-Protect-IG1", | ||||
788 | "description": "Continuous vulnerability management-Perform automated operating system patch management", | ||||
789 | "importance": 0, | ||||
790 | "uuid": "696a813c-bcfd-4232-a5e7-203f15abd40e" | ||||
791 | }, | ||||
792 | { | ||||
793 | "code": "7.4-Applications-Protect-IG1", | ||||
794 | "description": "Continuous vulnerability management-Perform automated application patch management", | ||||
795 | "importance": 0, | ||||
796 | "uuid": "dae71e2c-d17e-43fb-8c0a-08833ffd4c4c" | ||||
797 | }, | ||||
798 | { | ||||
799 | "code": "7.5-Applications-Identify-IG2", | ||||
800 | "description": "Continuous vulnerability management-Perform automated vulnerability scans of internal enterprise assets", | ||||
801 | "importance": 0, | ||||
802 | "uuid": "4bd271b1-7cb9-487c-aa33-9e9a58333539" | ||||
803 | }, | ||||
804 | { | ||||
805 | "code": "7.6-Applications-Identify-IG2", | ||||
806 | "description": "Continuous vulnerability management-Perform automated vulnerability scans of externally-exposed enterprise assets", | ||||
807 | "importance": 0, | ||||
808 | "uuid": "7cfd1b0c-94a2-4758-b560-22559d6ab0aa" | ||||
809 | }, | ||||
810 | { | ||||
811 | "code": "7.7-Applications-Respond-IG2", | ||||
812 | "description": "Continuous vulnerability management-Remediate detected vulnerabilities", | ||||
813 | "importance": 0, | ||||
814 | "uuid": "1b2a0f89-eff4-45f6-a4d2-1162b4f9833d" | ||||
815 | }, | ||||
816 | { | ||||
817 | "code": "8.1-Network-Protect-IG1", | ||||
818 | "description": "Audit log management-Establish and maintain an audit log management process", | ||||
819 | "importance": 0, | ||||
820 | "uuid": "6587f6b6-8117-4880-9a53-a33d1c45ddac" | ||||
821 | }, | ||||
822 | { | ||||
823 | "code": "8.10-Network-Protect-IG2", | ||||
824 | "description": "Audit log management-Retain audit logs", | ||||
825 | "importance": 0, | ||||
826 | "uuid": "d55223d6-9722-4f41-ae68-cd97baaa3efa" | ||||
827 | }, | ||||
828 | { | ||||
829 | "code": "8.11-Network-Detect-IG2", | ||||
830 | "description": "Audit log management-Conduct audit log reviews", | ||||
831 | "importance": 0, | ||||
832 | "uuid": "51fddb77-d00e-49d5-b6d5-8cc9aeaf28bf" | ||||
833 | }, | ||||
834 | { | ||||
835 | "code": "8.12-Data-Detect-IG3", | ||||
836 | "description": "Audit log management-Collect service provider logs", | ||||
837 | "importance": 0, | ||||
838 | "uuid": "388dda2b-99ed-469b-874f-fb34a8e3da75" | ||||
839 | }, | ||||
840 | { | ||||
841 | "code": "8.2-Network-Detect-IG1", | ||||
842 | "description": "Audit log management-Collect audit logs", | ||||
843 | "importance": 0, | ||||
844 | "uuid": "fc1e36ed-edfd-416d-9aa9-3ffe02870e8c" | ||||
845 | }, | ||||
846 | { | ||||
847 | "code": "8.3-Network-Protect-IG1", | ||||
848 | "description": "Audit log management-Ensure adequate audit log storage", | ||||
849 | "importance": 0, | ||||
850 | "uuid": "b787f52d-d2b2-468b-95dc-c3d45cb558be" | ||||
851 | }, | ||||
852 | { | ||||
853 | "code": "8.4-Network-Protect-IG2", | ||||
854 | "description": "Audit log management-Standardize time synchronization", | ||||
855 | "importance": 0, | ||||
856 | "uuid": "592c3e38-4701-4d48-ae0b-0860d60421e9" | ||||
857 | }, | ||||
858 | { | ||||
859 | "code": "8.5-Network-Detect-IG2", | ||||
860 | "description": "Audit log management-Collect detailed audit logs", | ||||
861 | "importance": 0, | ||||
862 | "uuid": "413b6bf4-baa3-460c-ba86-87d8cae5a7f8" | ||||
863 | }, | ||||
864 | { | ||||
865 | "code": "8.6-Network-Detect-IG2", | ||||
866 | "description": "Audit log management-Collect DNS query audit logs", | ||||
867 | "importance": 0, | ||||
868 | "uuid": "65b355d4-380a-48bb-8816-a6f8664efa5f" | ||||
869 | }, | ||||
870 | { | ||||
871 | "code": "8.7-Network-Detect-IG2", | ||||
872 | "description": "Audit log management-Collect URL request audit logs", | ||||
873 | "importance": 0, | ||||
874 | "uuid": "7872331d-07b1-4f5c-90e3-a6b859e24851" | ||||
875 | }, | ||||
876 | { | ||||
877 | "code": "8.8-Devices-Detect-IG2", | ||||
878 | "description": "Audit log management-Collect command-line audit logs", | ||||
879 | "importance": 0, | ||||
880 | "uuid": "43a1cc08-ce70-41a2-8dd9-7570084128b6" | ||||
881 | }, | ||||
882 | { | ||||
883 | "code": "8.9-Network-Detect-IG2", | ||||
884 | "description": "Audit log management-Centralize audit logs", | ||||
885 | "importance": 0, | ||||
886 | "uuid": "809ac4bb-bea5-49bb-9f52-9763acad34a3" | ||||
887 | }, | ||||
888 | { | ||||
889 | "code": "9.1-Applications-Protect-IG1", | ||||
890 | "description": "Email and web browser protections-Ensure use of only fully supported browsers and email clients", | ||||
891 | "importance": 0, | ||||
892 | "uuid": "3c4d4eaa-adb3-4837-b361-7b7537817172" | ||||
893 | }, | ||||
894 | { | ||||
895 | "code": "9.2-Network-Protect-IG1", | ||||
896 | "description": "Email and web browser protections-Use DNS filtering services", | ||||
897 | "importance": 0, | ||||
898 | "uuid": "934174ab-91fc-4792-bdf7-18c69f3e02fe" | ||||
899 | }, | ||||
900 | { | ||||
901 | "code": "9.3-Network-Protect-IG2", | ||||
902 | "description": "Email and web browser protections-Maintain and enforce network-based url filters", | ||||
903 | "importance": 0, | ||||
904 | "uuid": "ba8ae738-a5b1-4ceb-90ea-702a613a7721" | ||||
905 | }, | ||||
906 | { | ||||
907 | "code": "9.4-Applications-Protect-IG2", | ||||
908 | "description": "Email and web browser protections-Restrict unnecessary or unauthorized browser and email client extensions", | ||||
909 | "importance": 0, | ||||
910 | "uuid": "9e4dd002-04af-44ae-806f-ea57cdfde604" | ||||
911 | }, | ||||
912 | { | ||||
913 | "code": "9.5-Network-Protect-IG2", | ||||
914 | "description": "Email and web browser protections-Implement DMARC", | ||||
915 | "importance": 0, | ||||
916 | "uuid": "f58a964d-47a7-47bb-a8c8-95e97f2c874f" | ||||
917 | }, | ||||
918 | { | ||||
919 | "code": "9.6-Network-Protect-IG2", | ||||
920 | "description": "Email and web browser protections-Block unnecessary file types", | ||||
921 | "importance": 0, | ||||
922 | "uuid": "5296d4df-1df0-492d-b5fe-a93dfc255fb1" | ||||
923 | }, | ||||
924 | { | ||||
925 | "code": "9.7-Network-Protect-IG3", | ||||
926 | "description": "Email and web browser protections-Deploy and maintain email server anti-malware protections", | ||||
927 | "importance": 0, | ||||
928 | "uuid": "a236845e-734b-4632-8b21-4c1d2eb1eff1" | ||||
929 | } | ||||
930 | ], | ||||
931 | "version": 1 | ||||
932 | } |