На днях обновился отличный гайд CIS Critical Security Controls от SANS.
Теперь актуальная версия - 6.0.
Теперь актуальная версия - 6.0.
Для скачивания доступны 4 файла:
- CIS-CSC MASTER VER 6.0 Critical Security Controls (pdf), 94 страницы
- CIS Critical Security Controls v. 6.0 (excel)
- CSC-VER 6.0 Critical Security Controls Change Log (excel)
- A Measurement Companion to the Critical Security Controls (pdf), 24 страницы
Перечень и порядок мер изменился:
CIS Critical Security Controls - Version 6.0 | CIS Critical Security Controls – Version 5.0 |
CSC 1: Inventory of Authorized and Unauthorized Devices | CSC 1: Inventory of Authorized and Unauthorized Devices |
CSC 2: Inventory of Authorized and Unauthorized Software | CSC 2: Inventory of Authorized and Unauthorized Software |
CSC 3: Secure Configurations for Hardware and Software on Mobile Devices, Laptops, Workstations, and Servers | CSC 3: Secure Configurations for Hardware and Software on Mobile Devices, Laptops, Workstations, and Servers |
CSC 4: Continuous Vulnerability Assessment and Remediation | CSC 4: Continuous Vulnerability Assessment and Remediation |
CSC 5: Controlled Use of Administrative Privileges | CSC 12: Controlled Use of Administrative Privileges |
CSC 6: Maintenance, Monitoring, and Analysis of Audit Logs | CSC 14: Maintenance, Monitoring, and Analysis of Audit Logs |
CSC 7: Email and Web Browser Protections | - |
CSC 8: Malware Defenses | CSC 5: Malware Defenses |
CSC 9: Limitation and Control of Network Ports, Protocols, and Services | CSC 11: Limitation and Control of Network Ports, Protocols, and Services |
CSC 10: Data Recovery Capability | CSC 8: Data Recovery Capability |
CSC 11: Secure Configurations for Network Devices such as Firewalls, Routers, and Switches | CSC 10: Secure Configurations for Network Devices such as Firewalls, Routers, and Switches |
CSC 12: Boundary Defense | CSC 13: Boundary Defense |
CSC 13: Data Protection | CSC 17: Data Protection |
CSC 14: Controlled Access Based on the Need to Know | CSC 15: Controlled Access Based on the Need to Know |
CSC 15: Wireless Access Control | CSC 7: Wireless Access Control |
CSC 16: Account Monitoring and Control | CSC 16: Account Monitoring and Control |
CSC 17: Security Skills Assessment and Appropriate Training to Fill Gaps | CSC 9: Security Skills Assessment and Appropriate Training to Fill Gaps |
CSC 18: Application Software Security | CSC 6: Application Software Security |
CSC 19: Incident Response and Management | CSC 18: Incident Response and Management |
CSC 20: Penetration Tests and Red Team Exercises | CSC 20: Penetration Tests and Red Team Exercises |
- | CSC 19: Secure Network Engineering |
