Description
CIS Controls are a prioritized set of Safeguards to mitigate the most prevalent cyber-attacks against systems and networks.
Format of the recommendations:
code: concatenation of
- safeguard identifier
- asset Type: Devices, Applications, Data Network, Users or N/A
- security function: Identify, Protect, Detect, Respond or Recover
- minimal implementation group: IG1, IG2, IG3
description: concatenation of
- control
- safeguard title
Owning organization
Validating JSON schema
Recommendations (provided by MONARC)
Creator
License
Creative Commons Zero v1.0 Universal
Related objects
Definition of the object
{
"authors": [
"S3cN3tSys"
],
"label": "CIS Controls v8 safeguards",
"language": "EN",
"refs": [
"https://www.cisecurity.org/controls/v8/"
],
"uuid": "e104cdf4-2fff-4989-9636-c16ddd8b2a78",
"values": [
{
"code": "1.1-Devices-Identify-IG1",
"description": "Inventory and control of enterprise assets-Establish and maintain detailed enterprise asset inventory",
"importance": 0,
"uuid": "bddbfd9a-bd01-4818-9b0f-59b876243c90"
},
{
"code": "1.2-Devices-Respond-IG1",
"description": "Inventory and control of enterprise assets-Address unauthorized assets",
"importance": 0,
"uuid": "df7b8cf0-93ef-49ce-bb41-3ae405ed0953"
},
{
"code": "1.3-Devices-Detect-IG2",
"description": "Inventory and control of enterprise assets-Utilize an active discovery tool",
"importance": 0,
"uuid": "0a290b75-f9a0-4103-a5ee-95900765c420"
},
{
"code": "1.4-Devices-Identify-IG2",
"description": "Inventory and control of enterprise assets-Use dynamic host configuration protocol (DHCP) logging to update enterprise asset inventory",
"importance": 0,
"uuid": "b511f821-a439-4591-b3ae-018e4669ecd2"
},
{
"code": "1.5-Devices-Detect-IG3",
"description": "Inventory and control of enterprise assets-Use a passive asset discovery tool",
"importance": 0,
"uuid": "e087cb99-8458-46e9-a685-d8b9c1d90309"
},
{
"code": "10.1-Devices-Protect-IG1",
"description": "Malware defenses-Deploy and maintain anti-malware software",
"importance": 0,
"uuid": "3dc09e1e-964f-465d-81b3-e7bee3dc4fc2"
},
{
"code": "10.2-Devices-Protect-IG1",
"description": "Malware defenses-Configure automatic anti-malware signature updates",
"importance": 0,
"uuid": "d6c49f98-6204-42e6-a1f4-f0f7206e2485"
},
{
"code": "10.3-Devices-Protect-IG1",
"description": "Malware defenses-Disable autorun and autoplay for removable media",
"importance": 0,
"uuid": "d25cd6be-da2a-4262-9949-168cdd555c36"
},
{
"code": "10.4-Devices-Detect-IG2",
"description": "Malware defenses-Configure automatic anti-malware scanning of removable media",
"importance": 0,
"uuid": "0f85c704-796b-4620-ab3b-307d870cf02e"
},
{
"code": "10.5-Devices-Protect-IG2",
"description": "Malware defenses-Enable anti-exploitation features",
"importance": 0,
"uuid": "71bcef8a-b0f9-4a9d-8736-7106eed100aa"
},
{
"code": "10.6-Devices-Protect-IG2",
"description": "Malware defenses-Centrally manage anti-malware software",
"importance": 0,
"uuid": "992326df-4230-4411-8369-271031da8fd3"
},
{
"code": "10.7-Devices-Detect-IG2",
"description": "Malware defenses-Use behavior-based anti-malware software",
"importance": 0,
"uuid": "5ff9342c-ef4b-4a94-846b-116449b816cc"
},
{
"code": "11.1-Data-Recover-IG1",
"description": "Data recovery-Establish and maintain a data recovery process",
"importance": 0,
"uuid": "a13ea0ef-ffb0-40b1-ad2a-12575023abc3"
},
{
"code": "11.2-Data-Recover-IG1",
"description": "Data recovery-Perform automated backups",
"importance": 0,
"uuid": "5d962f76-f06c-4ac8-8719-1e076bc045fa"
},
{
"code": "11.3-Data-Protect-IG1",
"description": "Data recovery-Protect recovery data",
"importance": 0,
"uuid": "8f1aea43-f84d-42f8-963b-f022bc26e0f0"
},
{
"code": "11.4-Data-Recover-IG1",
"description": "Data recovery-Establish and maintain an isolated instance of recovery data",
"importance": 0,
"uuid": "1856b595-3895-4dff-9ceb-558abec393f2"
},
{
"code": "11.5-Data-Recover-IG2",
"description": "Data recovery-Test data recovery",
"importance": 0,
"uuid": "d54a8077-661a-4aaa-b90e-f61e23764513"
},
{
"code": "12.1-Network-Protect-IG1",
"description": "Network infrastructure management-Ensure network infrastructure is up-to-date",
"importance": 0,
"uuid": "6f3c9210-54be-4aef-a326-c46389d34e5a"
},
{
"code": "12.2-Network-Protect-IG2",
"description": "Network infrastructure management-Establish and maintain a secure network architecture",
"importance": 0,
"uuid": "3b941a78-f75b-4b7d-9565-c3840af19471"
},
{
"code": "12.3-Network-Protect-IG2",
"description": "Network infrastructure management-Securely manage network infrastructure",
"importance": 0,
"uuid": "b3a03b9b-5f74-4a5b-9043-8662221dcde5"
},
{
"code": "12.4-Network-Identify-IG2",
"description": "Network infrastructure management-Establish and maintain architecture diagram(s)",
"importance": 0,
"uuid": "d6bb7326-163d-4c9d-a94c-f910a345cc55"
},
{
"code": "12.5-Network-Protect-IG2",
"description": "Network infrastructure management-Centralize network authentication; authorization; and auditing (AAA)",
"importance": 0,
"uuid": "bb69f5e6-5745-4a70-b863-248ba2a6fae2"
},
{
"code": "12.6-Network-Protect-IG2",
"description": "Network infrastructure management-Use of secure network management and communication protocols",
"importance": 0,
"uuid": "ad65c163-116b-4ff9-afc1-d2986362958c"
},
{
"code": "12.7-Devices-Protect-IG2",
"description": "Network infrastructure management-Ensure remote devices utilize a vpn and are connecting to an enterprises aaa infrastructure",
"importance": 0,
"uuid": "10779a71-e1a5-40bc-8035-65c1e879b3fb"
},
{
"code": "12.8-Devices-Protect-IG3",
"description": "Network infrastructure management-Establish and maintain dedicated computing resources for all administrative work",
"importance": 0,
"uuid": "6b2e129e-7212-418f-b73e-98ece0f5495a"
},
{
"code": "13.1-Network-Detect-IG2",
"description": "Network monitoring and defense-Centralize security event alerting",
"importance": 0,
"uuid": "67f9d216-3a19-41fe-9867-3ad72e46a8e4"
},
{
"code": "13.1-Network-Protect-IG2",
"description": "Network monitoring and defense-Perform application layer filtering",
"importance": 0,
"uuid": "7ceb6e84-5b91-4768-bac2-f5f378b17d39"
},
{
"code": "13.11-Network-Detect-IG3",
"description": "Network monitoring and defense-Tune security event alerting thresholds",
"importance": 0,
"uuid": "c36588b7-3795-4d29-aeb1-cad9779e071e"
},
{
"code": "13.2-Devices-Detect-IG2",
"description": "Network monitoring and defense-Deploy a host-based intrusion detection solution",
"importance": 0,
"uuid": "8b0e9aa6-563d-4932-b84e-42f7f5fa4b66"
},
{
"code": "13.3-Network-Detect-IG2",
"description": "Network monitoring and defense-Deploy a network intrusion detection solution",
"importance": 0,
"uuid": "8ad4ac5f-27d8-4088-8fdf-428dbca182ef"
},
{
"code": "13.4-Network-Protect-IG2",
"description": "Network monitoring and defense-Perform traffic filtering between network segments",
"importance": 0,
"uuid": "926bbf48-ac93-47b4-9c88-e18f3d2e0dd5"
},
{
"code": "13.5-Devices-Protect-IG2",
"description": "Network monitoring and defense-Manage access control for remote assets",
"importance": 0,
"uuid": "077f28d8-ad9f-429d-96dc-31f91b7daf3c"
},
{
"code": "13.6-Network-Detect-IG2",
"description": "Network monitoring and defense-Collect network traffic flow logs ",
"importance": 0,
"uuid": "db99bd9e-2b52-4513-9385-7ccb7fec8325"
},
{
"code": "13.7-Devices-Protect-IG3",
"description": "Network monitoring and defense-Deploy a host-based intrusion prevention solution",
"importance": 0,
"uuid": "8fc8c868-4a72-4a49-af62-01b0b7931475"
},
{
"code": "13.8-Network-Protect-IG3",
"description": "Network monitoring and defense-Deploy a network intrusion prevention solution",
"importance": 0,
"uuid": "ed739bd6-2fce-416c-a24a-9a85d0a205d0"
},
{
"code": "13.9-Devices-Protect-IG3",
"description": "Network monitoring and defense-Deploy port-level access control",
"importance": 0,
"uuid": "d97e7de7-32d7-45bd-a149-c60c68b205a1"
},
{
"code": "14.1-N/A-Protect",
"description": "Security awareness and skills training-Establish and maintain a security awareness program",
"importance": 0,
"uuid": "242c4eef-df6b-4111-b443-c748405d7612"
},
{
"code": "14.2-N/A-Protect",
"description": "Security awareness and skills training-Train workforce members to recognize social engineering attacks",
"importance": 0,
"uuid": "f9f5f9e1-2909-467a-995f-6aa98e5d5c64"
},
{
"code": "14.3-N/A-Protect",
"description": "Security awareness and skills training-Train workforce members on authentication best practices",
"importance": 0,
"uuid": "7c0e7f6a-7e63-4837-b1af-64fc4a33094e"
},
{
"code": "14.4-N/A-Protect",
"description": "Security awareness and skills training-Train workforce on data handling best practices",
"importance": 0,
"uuid": "4d0e4320-e854-4787-ac37-d9781582481b"
},
{
"code": "14.5-N/A-Protect",
"description": "Security awareness and skills training-Train workforce members on causes of unintentional data exposure",
"importance": 0,
"uuid": "f6d1f4bf-74ff-4075-ba11-e143a0606193"
},
{
"code": "14.6-N/A-Protect",
"description": "Security awareness and skills training-Train workforce members on recognizing and reporting security incidents",
"importance": 0,
"uuid": "41304900-8386-4462-b6e5-ab24aed576fd"
},
{
"code": "14.7-N/A-Protect",
"description": "Security awareness and skills training-Train workforce on how to identify and report if their enterprise assets are missing security updates",
"importance": 0,
"uuid": "6a408e9a-eddf-4500-a06c-77fd5e40ceac"
},
{
"code": "14.8-N/A-Protect",
"description": "Security awareness and skills training-Train workforce on the dangers of connecting to and transmitting enterprise data over insecure networks",
"importance": 0,
"uuid": "675cfd37-7f0e-428d-9897-17e599b359e2"
},
{
"code": "14.9-N/A-Protect",
"description": "Security awareness and skills training-Conduct role-specific security awareness and skills training",
"importance": 0,
"uuid": "635b5ea6-fac3-4ce0-a2a5-c52d45e45567"
},
{
"code": "15.1-N/A-Identify",
"description": "Service provider management-Establish and maintain an inventory of service providers",
"importance": 0,
"uuid": "9a93ac72-5e01-40c8-aa59-15ce818dfc9e"
},
{
"code": "15.2-N/A-Identify",
"description": "Service provider management-Establish and maintain a service provider management policy",
"importance": 0,
"uuid": "3cc0492c-aef0-43e8-a204-518c85e16bfb"
},
{
"code": "15.3-N/A-Identify",
"description": "Service provider management-Classify service providers",
"importance": 0,
"uuid": "4679c841-a248-4acd-9546-4c0b296667b3"
},
{
"code": "15.4-N/A-Protect",
"description": "Service provider management-Ensure service provider contracts include security requirements",
"importance": 0,
"uuid": "c5899967-df04-4c30-88f2-9a5063fa9fc0"
},
{
"code": "15.5-N/A-Identify",
"description": "Service provider management-Assess service providers",
"importance": 0,
"uuid": "306e2298-b1b3-403f-8bb0-0ace52e2ada2"
},
{
"code": "15.6-Data-Detect-IG3",
"description": "Service provider management-Monitor service providers",
"importance": 0,
"uuid": "2401973b-c535-4e04-b7b6-2e5411b41a84"
},
{
"code": "15.7-Data-Protect-IG3",
"description": "Service provider management-Securely decommission service providers",
"importance": 0,
"uuid": "d11c9f97-a848-4c18-9153-e0ca31f2dd3c"
},
{
"code": "16.1-Applications-Protect-IG2",
"description": "Application software security-Establish and maintain a secure application developmentprocess",
"importance": 0,
"uuid": "db784c45-c0b9-43bd-8643-e43fdbb4c437"
},
{
"code": "16.10-Applications-Protect-IG2",
"description": "Application software security-Apply secure design principles in application architectures",
"importance": 0,
"uuid": "d93d03cd-205d-4ac6-b1a1-ccd278a8061d"
},
{
"code": "16.11-Applications-Protect-IG2",
"description": "Application software security-Leverage vetted modules or services for application security components",
"importance": 0,
"uuid": "811f7d98-b355-48bf-bb99-d760dfbdcfc6"
},
{
"code": "16.12-Applications-Protect-IG3",
"description": "Application software security-Implement code-level security checks",
"importance": 0,
"uuid": "17376129-173e-4ca8-8f7c-033b70fb2001"
},
{
"code": "16.13-Applications-Protect-IG3",
"description": "Application software security-Conduct application penetration testing",
"importance": 0,
"uuid": "53c61b03-34bf-41b7-9739-7be444b7467f"
},
{
"code": "16.14-Applications-Protect-IG3",
"description": "Application software security-Conduct threat modeling",
"importance": 0,
"uuid": "113cd8a0-199c-4af4-9fb9-9d039513d08f"
},
{
"code": "16.2-Applications-Protect-IG2",
"description": "Application software security-Establish and maintain a process to accept and address software vulnerabilities",
"importance": 0,
"uuid": "074c5418-aae7-41df-854e-909ccb91d469"
},
{
"code": "16.3-Applications-Protect-IG2",
"description": "Application software security-Perform root cause analysis on security vulnerabilities",
"importance": 0,
"uuid": "59ef8b71-f972-47dc-be03-0f8b25dfbe80"
},
{
"code": "16.4-Applications-Protect-IG2",
"description": "Application software security-Establish and manage an inventory of third-party software components",
"importance": 0,
"uuid": "10df85b2-f5e4-48ec-8ff6-ea9e33bd7a3d"
},
{
"code": "16.5-Applications-Protect-IG2",
"description": "Application software security-Use up-to-date and trusted third-party software components",
"importance": 0,
"uuid": "5cb4fd72-aefd-4d91-a551-85ab75b0fa95"
},
{
"code": "16.6-Applications-Protect-IG2",
"description": "Application software security-Establish and maintain a severity rating system and process for application vulnerabilities",
"importance": 0,
"uuid": "40780741-bf90-49d0-8cae-8b79b9c67688"
},
{
"code": "16.7-Applications-Protect-IG2",
"description": "Application software security-Use standard hardening configuration templates for application infrastructure",
"importance": 0,
"uuid": "08765a85-badb-4064-afd2-0a5f44191c09"
},
{
"code": "16.8-Applications-Protect-IG2",
"description": "Application software security-Separate production and non-production systems",
"importance": 0,
"uuid": "93648fa0-22f5-48db-902b-ea183636ee60"
},
{
"code": "16.9-Applications-Protect-IG2",
"description": "Application software security-Train developers in application security concepts and secure coding",
"importance": 0,
"uuid": "cf064702-2b50-4584-ad85-b0906fc2cd41"
},
{
"code": "17.1-N/A-Respond",
"description": "Incident response management-Designate personnel to manage incident handling",
"importance": 0,
"uuid": "21ef0712-1c11-41ee-8779-1df154ba60c0"
},
{
"code": "17.2-N/A-Respond",
"description": "Incident response management-Establish and maintain contact information for reporting security incidents",
"importance": 0,
"uuid": "63e7f08e-97f8-4158-bda4-236b90c1e3bc"
},
{
"code": "17.3-N/A-Respond",
"description": "Incident response management-Establish and maintain an enterprise process for reporting incidents",
"importance": 0,
"uuid": "803cce36-fdf0-40c6-b307-f599d1d2dd7b"
},
{
"code": "17.4-N/A-Respond",
"description": "Incident response management-Establish and maintain an incident response process",
"importance": 0,
"uuid": "28a2bd0e-963a-4136-a2ca-97aaeb464730"
},
{
"code": "17.5-N/A-Respond",
"description": "Incident response management-Assign key roles and responsibilities",
"importance": 0,
"uuid": "5ffc1ef8-c708-437d-92ed-47a4c009c707"
},
{
"code": "17.6-N/A-Respond",
"description": "Incident response management-Define mechanisms for communicating during incident response",
"importance": 0,
"uuid": "705f68b7-b2e7-4fc1-8fc2-6f5ca2c907fb"
},
{
"code": "17.7-N/A-Recover",
"description": "Incident response management-Conduct routine incident response exercises",
"importance": 0,
"uuid": "c4cd4c54-ef9b-4772-b38a-637beb606327"
},
{
"code": "17.8-N/A-Recover",
"description": "Incident response management-Conduct post-incident reviews",
"importance": 0,
"uuid": "eb3a14e8-43c9-4a37-af9d-210413259eb3"
},
{
"code": "17.9-N/A-Recover",
"description": "Incident response management-Establish and maintain security incident thresholds",
"importance": 0,
"uuid": "e3484c4b-6fdf-48a8-ba77-91f4f2385daa"
},
{
"code": "18.1-N/A-Identify",
"description": "Penetration testing-Establish and maintain a penetration testing program",
"importance": 0,
"uuid": "52057c66-fefe-40b9-a176-3eec10c0ab06"
},
{
"code": "18.2-Network-Identify-IG2",
"description": "Penetration testing-Perform periodic external penetration tests",
"importance": 0,
"uuid": "d39d0f22-cdbb-4577-9285-1de2a6f7036b"
},
{
"code": "18.3-Network-Protect-IG2-IG1",
"description": "Penetration testing-Remediate penetration test findings",
"importance": 0,
"uuid": "c0d370ca-5c25-4c22-becc-79516a026298"
},
{
"code": "18.4-Network-Protect-IG3-IG2",
"description": "Penetration testing-Validate security measures",
"importance": 0,
"uuid": "3eee979d-2e78-4b4f-aaa1-701a1eb81bd3"
},
{
"code": "18.5-N/A-Identify",
"description": "Penetration testing-Perform periodic internal penetration tests",
"importance": 0,
"uuid": "8bf03dd7-9b05-4d90-9e78-b8745eb163fa"
},
{
"code": "2.1-Applications-Identify-IG1",
"description": "Inventory and control of software assets-Establish and maintain a software inventory",
"importance": 0,
"uuid": "cb300188-2a2a-47aa-a5d1-89292844d692"
},
{
"code": "2.2-Applications-Identify-IG1",
"description": "Inventory and control of software assets-Ensure authorized software is currently supported ",
"importance": 0,
"uuid": "5b7c6e6c-a603-4c92-9721-a8a24177cbaa"
},
{
"code": "2.3-Applications-Respond-IG1",
"description": "Inventory and control of software assets-Address unauthorized software",
"importance": 0,
"uuid": "93befead-5a8f-4df7-91a2-b23e3f922f48"
},
{
"code": "2.4-Applications-Detect-IG2",
"description": "Inventory and control of software assets-Utilize automated software inventory tools",
"importance": 0,
"uuid": "155fea9b-0ca0-4c3a-9414-91928f7af662"
},
{
"code": "2.5-Applications-Protect-IG2",
"description": "Inventory and control of software assets-Allowlist authorized software",
"importance": 0,
"uuid": "b6772c6b-9654-4467-a149-696f82947075"
},
{
"code": "2.6-Applications-Protect-IG2",
"description": "Inventory and control of software assets-Allowlist authorized libraries",
"importance": 0,
"uuid": "4a7cc9ba-ae68-41c7-8a96-f4ebbe452acf"
},
{
"code": "2.7-Applications-Protect-IG3",
"description": "Inventory and control of software assets-Allowlist authorized scripts",
"importance": 0,
"uuid": "26e285a6-3197-413d-9599-fd466286b958"
},
{
"code": "3.1-Data-Identify-IG1",
"description": "Data protection-Establish and maintain a data management process",
"importance": 0,
"uuid": "514fbadc-c751-4852-9fd6-8351b6054f8d"
},
{
"code": "3.1-Data-Protect-IG1",
"description": "Data protection-Encrypt sensitive data in transit",
"importance": 0,
"uuid": "a243b1de-67d6-463a-9fa8-c424beda6250"
},
{
"code": "3.11-Data-Protect-IG2",
"description": "Data protection-Encrypt sensitive data at rest",
"importance": 0,
"uuid": "da4089a1-4a1e-46c2-aeef-8f502b37ade2"
},
{
"code": "3.12-Network-Protect-IG2",
"description": "Data protection-Segment data processing and storage based on sensitivity",
"importance": 0,
"uuid": "7c72e13e-e088-4e44-9910-c86c3de60d10"
},
{
"code": "3.13-Data-Protect-IG3",
"description": "Data protection-Deploy a data loss prevention solution",
"importance": 0,
"uuid": "0496fa97-cdcb-4199-bec9-973feb9fe8d2"
},
{
"code": "3.14-Data-Detect-IG3",
"description": "Data protection-Log sensitive data access",
"importance": 0,
"uuid": "ccf1033b-824a-438d-b12b-a25e3c7d6684"
},
{
"code": "3.2-Data-Identify-IG1",
"description": "Data protection-Establish and maintain a data inventory",
"importance": 0,
"uuid": "e6452c3e-4246-480d-aa6a-7215203710ad"
},
{
"code": "3.3-Data-Protect-IG1",
"description": "Data protection-Configure data access control lists",
"importance": 0,
"uuid": "1294ffcd-b674-4643-9991-4e7320390122"
},
{
"code": "3.4-Data-Protect-IG1",
"description": "Data protection-Enforce data retention",
"importance": 0,
"uuid": "a70a5a30-b5e5-4ea6-acbe-834746a0fed1"
},
{
"code": "3.5-Data-Protect-IG1",
"description": "Data protection-Securely dispose of data",
"importance": 0,
"uuid": "59984672-7139-45c4-997f-e66feab835a9"
},
{
"code": "3.6-Devices-Protect-IG1",
"description": "Data protection-Encrypt data on end-user devices",
"importance": 0,
"uuid": "f77bf54d-1cda-4dda-aa3f-cb6629029d8c"
},
{
"code": "3.7-Data-Identify-IG2",
"description": "Data protection-Establish and maintain a data classification scheme",
"importance": 0,
"uuid": "99eb13c7-2d8d-4d53-8e19-871214d91f39"
},
{
"code": "3.8-Data-Identify-IG2",
"description": "Data protection-Document data flows",
"importance": 0,
"uuid": "24dc11d3-998b-47ca-b7f4-40310afa3c03"
},
{
"code": "3.9-Data-Protect-IG2",
"description": "Data protection-Encrypt data on removable media",
"importance": 0,
"uuid": "d796c0d3-8205-4732-a3d1-d7832c8a89d5"
},
{
"code": "4.1-Applications-Protect-IG1",
"description": "Secure configuration of enterprise assets and software-Establish and maintain a secure configuration process",
"importance": 0,
"uuid": "eeb97c09-6a2c-412c-87b1-b39df7fa3630"
},
{
"code": "4.1-Devices-Respond-IG1",
"description": "Secure configuration of enterprise assets and software-Enforce automatic device lockout on portable end-user devices",
"importance": 0,
"uuid": "a8f19c86-2de7-4f2a-b444-7a35fedbc9d6"
},
{
"code": "4.11-Devices-Protect-IG2",
"description": "Secure configuration of enterprise assets and software-Enforce remote wipe capability on portable end-user devices",
"importance": 0,
"uuid": "943a0a0e-82e4-4f32-af2c-4bdded48773f"
},
{
"code": "4.12-Devices-Protect-IG3",
"description": "Secure configuration of enterprise assets and software-Separate enterprise workspaces on mobile end-user devices",
"importance": 0,
"uuid": "bde651cc-d6ef-4e2b-ab5e-4aed6699b2e6"
},
{
"code": "4.2-Network-Protect-IG1",
"description": "Secure configuration of enterprise assets and software-Establish and maintain a secure configuration process for network infrastructure",
"importance": 0,
"uuid": "b9766b93-09d4-4b1b-b848-9c03aaeed19b"
},
{
"code": "4.3-Users-Protect-IG1",
"description": "Secure configuration of enterprise assets and software-Configure automatic session locking on enterprise assets",
"importance": 0,
"uuid": "7c0f8833-55f5-44a8-b244-b3beb4b28e4d"
},
{
"code": "4.4-Devices-Protect-IG1",
"description": "Secure configuration of enterprise assets and software-Implement and manage a firewall on servers",
"importance": 0,
"uuid": "28c3e828-507b-4b48-b9a5-98cf200725b0"
},
{
"code": "4.5-Devices-Protect-IG1",
"description": "Secure configuration of enterprise assets and software-Implement and manage a firewall on end-user devices",
"importance": 0,
"uuid": "5b35e2e9-d622-43e2-90d5-9378af88feaa"
},
{
"code": "4.6-Network-Protect-IG1",
"description": "Secure configuration of enterprise assets and software-Securely manage enterprise assets and software",
"importance": 0,
"uuid": "f33e930d-5109-4554-88ce-ea57c3328884"
},
{
"code": "4.7-Users-Protect-IG1",
"description": "Secure configuration of enterprise assets and software-Manage default accounts on enterprise assets and software",
"importance": 0,
"uuid": "b964543d-bf6e-49c6-87c9-4d585bcb8b16"
},
{
"code": "4.8-Devices-Protect-IG2",
"description": "Secure configuration of enterprise assets and software-Uninstall or disable unnecessary services on enterprise assets and software",
"importance": 0,
"uuid": "de1d62d8-b9da-48b7-acd9-317999d9a242"
},
{
"code": "4.9-Devices-Protect-IG2",
"description": "Secure configuration of enterprise assets and software-Configure trusted DNS servers on enterprise assets",
"importance": 0,
"uuid": "a6d7262a-2da6-4228-8032-50ea496ca8d3"
},
{
"code": "5.1-Users-Identify-IG1",
"description": "Account management-Establish and maintain an inventory of accounts",
"importance": 0,
"uuid": "79c1bac9-8681-497d-ae56-b5d7320fcc4e"
},
{
"code": "5.2-Users-Protect-IG1",
"description": "Account management-Use unique passwords",
"importance": 0,
"uuid": "198f625b-65ba-4355-9d12-ca6b4ce63e58"
},
{
"code": "5.3-Users-Respond-IG1",
"description": "Account management-Disable dormant accounts",
"importance": 0,
"uuid": "9f5b502d-96c2-4568-a7e2-9d24eeb54ea7"
},
{
"code": "5.4-Users-Protect-IG1",
"description": "Account management-Restrict administrator privileges to dedicated administrator accounts",
"importance": 0,
"uuid": "efd5342b-ddff-42b0-b5d9-302ece0948c4"
},
{
"code": "5.5-Users-Identify-IG2",
"description": "Account management-Establish and maintain an inventory of service accounts",
"importance": 0,
"uuid": "127d4313-783f-4c3c-ba54-565d8b843dd0"
},
{
"code": "5.6-Users-Protect-IG2",
"description": "Account management-Centralize account management",
"importance": 0,
"uuid": "9a7f9aac-6cc2-4e4e-8470-9d56e8c38cc2"
},
{
"code": "6.1-Users-Protect-IG1",
"description": "Access control management-Establish an access granting process",
"importance": 0,
"uuid": "a45dddcc-87b5-4b3e-8bfb-5e84b556fb45"
},
{
"code": "6.2-Users-Protect-IG1",
"description": "Access control management-Establish an access revoking process",
"importance": 0,
"uuid": "e0100354-04eb-4e4c-91b3-180d5ac0914d"
},
{
"code": "6.3-Users-Protect-IG1",
"description": "Access control management-Require MFA for externally-exposed applications",
"importance": 0,
"uuid": "5df20f59-7c9a-4f73-b93d-06a8d9a6e305"
},
{
"code": "6.4-Users-Protect-IG1",
"description": "Access control management-Require MFA for remote network access",
"importance": 0,
"uuid": "3952da07-2c10-4bfb-922a-4bf7a3efd8a5"
},
{
"code": "6.5-Users-Protect-IG1",
"description": "Access control management-Require MFA for administrative access",
"importance": 0,
"uuid": "feb19850-2fdf-4e3b-b585-1306ec5a6e3e"
},
{
"code": "6.6-Users-Identify-IG2",
"description": "Access control management-Establish and maintain an inventory of authentication and authorization systems",
"importance": 0,
"uuid": "3fcea4a8-7455-4108-9519-d96201946178"
},
{
"code": "6.7-Users-Protect-IG2",
"description": "Access control management-Centralize access control",
"importance": 0,
"uuid": "5d4e75d0-b4a9-407e-97fd-531679846792"
},
{
"code": "6.8-Data-Protect-IG3",
"description": "Access control management-Define and maintain role-based access control (RBAC)",
"importance": 0,
"uuid": "bb855630-0b87-4f53-a47a-3ca2dab1b031"
},
{
"code": "7.1-Applications-Protect-IG1",
"description": "Continuous vulnerability management-Establish and maintain a vulnerability management process",
"importance": 0,
"uuid": "7aa13de2-dc5f-439b-978c-b5560f996618"
},
{
"code": "7.2-Applications-Respond-IG1",
"description": "Continuous vulnerability management-Establish and maintain a remediation process",
"importance": 0,
"uuid": "e7ebffb5-60c8-424a-bee1-a3381548fee4"
},
{
"code": "7.3-Applications-Protect-IG1",
"description": "Continuous vulnerability management-Perform automated operating system patch management",
"importance": 0,
"uuid": "696a813c-bcfd-4232-a5e7-203f15abd40e"
},
{
"code": "7.4-Applications-Protect-IG1",
"description": "Continuous vulnerability management-Perform automated application patch management",
"importance": 0,
"uuid": "dae71e2c-d17e-43fb-8c0a-08833ffd4c4c"
},
{
"code": "7.5-Applications-Identify-IG2",
"description": "Continuous vulnerability management-Perform automated vulnerability scans of internal enterprise assets",
"importance": 0,
"uuid": "4bd271b1-7cb9-487c-aa33-9e9a58333539"
},
{
"code": "7.6-Applications-Identify-IG2",
"description": "Continuous vulnerability management-Perform automated vulnerability scans of externally-exposed enterprise assets",
"importance": 0,
"uuid": "7cfd1b0c-94a2-4758-b560-22559d6ab0aa"
},
{
"code": "7.7-Applications-Respond-IG2",
"description": "Continuous vulnerability management-Remediate detected vulnerabilities",
"importance": 0,
"uuid": "1b2a0f89-eff4-45f6-a4d2-1162b4f9833d"
},
{
"code": "8.1-Network-Protect-IG1",
"description": "Audit log management-Establish and maintain an audit log management process",
"importance": 0,
"uuid": "6587f6b6-8117-4880-9a53-a33d1c45ddac"
},
{
"code": "8.10-Network-Protect-IG2",
"description": "Audit log management-Retain audit logs",
"importance": 0,
"uuid": "d55223d6-9722-4f41-ae68-cd97baaa3efa"
},
{
"code": "8.11-Network-Detect-IG2",
"description": "Audit log management-Conduct audit log reviews",
"importance": 0,
"uuid": "51fddb77-d00e-49d5-b6d5-8cc9aeaf28bf"
},
{
"code": "8.12-Data-Detect-IG3",
"description": "Audit log management-Collect service provider logs",
"importance": 0,
"uuid": "388dda2b-99ed-469b-874f-fb34a8e3da75"
},
{
"code": "8.2-Network-Detect-IG1",
"description": "Audit log management-Collect audit logs",
"importance": 0,
"uuid": "fc1e36ed-edfd-416d-9aa9-3ffe02870e8c"
},
{
"code": "8.3-Network-Protect-IG1",
"description": "Audit log management-Ensure adequate audit log storage",
"importance": 0,
"uuid": "b787f52d-d2b2-468b-95dc-c3d45cb558be"
},
{
"code": "8.4-Network-Protect-IG2",
"description": "Audit log management-Standardize time synchronization",
"importance": 0,
"uuid": "592c3e38-4701-4d48-ae0b-0860d60421e9"
},
{
"code": "8.5-Network-Detect-IG2",
"description": "Audit log management-Collect detailed audit logs",
"importance": 0,
"uuid": "413b6bf4-baa3-460c-ba86-87d8cae5a7f8"
},
{
"code": "8.6-Network-Detect-IG2",
"description": "Audit log management-Collect DNS query audit logs",
"importance": 0,
"uuid": "65b355d4-380a-48bb-8816-a6f8664efa5f"
},
{
"code": "8.7-Network-Detect-IG2",
"description": "Audit log management-Collect URL request audit logs",
"importance": 0,
"uuid": "7872331d-07b1-4f5c-90e3-a6b859e24851"
},
{
"code": "8.8-Devices-Detect-IG2",
"description": "Audit log management-Collect command-line audit logs",
"importance": 0,
"uuid": "43a1cc08-ce70-41a2-8dd9-7570084128b6"
},
{
"code": "8.9-Network-Detect-IG2",
"description": "Audit log management-Centralize audit logs",
"importance": 0,
"uuid": "809ac4bb-bea5-49bb-9f52-9763acad34a3"
},
{
"code": "9.1-Applications-Protect-IG1",
"description": "Email and web browser protections-Ensure use of only fully supported browsers and email clients",
"importance": 0,
"uuid": "3c4d4eaa-adb3-4837-b361-7b7537817172"
},
{
"code": "9.2-Network-Protect-IG1",
"description": "Email and web browser protections-Use DNS filtering services",
"importance": 0,
"uuid": "934174ab-91fc-4792-bdf7-18c69f3e02fe"
},
{
"code": "9.3-Network-Protect-IG2",
"description": "Email and web browser protections-Maintain and enforce network-based url filters",
"importance": 0,
"uuid": "ba8ae738-a5b1-4ceb-90ea-702a613a7721"
},
{
"code": "9.4-Applications-Protect-IG2",
"description": "Email and web browser protections-Restrict unnecessary or unauthorized browser and email client extensions",
"importance": 0,
"uuid": "9e4dd002-04af-44ae-806f-ea57cdfde604"
},
{
"code": "9.5-Network-Protect-IG2",
"description": "Email and web browser protections-Implement DMARC",
"importance": 0,
"uuid": "f58a964d-47a7-47bb-a8c8-95e97f2c874f"
},
{
"code": "9.6-Network-Protect-IG2",
"description": "Email and web browser protections-Block unnecessary file types",
"importance": 0,
"uuid": "5296d4df-1df0-492d-b5fe-a93dfc255fb1"
},
{
"code": "9.7-Network-Protect-IG3",
"description": "Email and web browser protections-Deploy and maintain email server anti-malware protections",
"importance": 0,
"uuid": "a236845e-734b-4632-8b21-4c1d2eb1eff1"
}
],
"version": 1
}