How can you implement CIS controls with Versio.io to enhance your cybersecurity?

Mapping CIS Controls to Versio.io functionality

Free trial In a nutshell NIS2 🇩🇪
 
How to implement cyber security assurance based on CIS controls with Versio.io? The Center for Internet Security (CIS) is a non-profit organization that provides cybersecurity solutions and services to governments and businesses around the world. Its mission is to help organizations reduce their risk of cyberattacks and protect their sensitive information.
CIS controls, also known as Center for Internet Security controls, are a set of cybersecurity best practices that organizations can implement to improve their security posture and reduce the risk of cyberattacks. These controls are organized into 18 categories (version 8), each with a set of specific recommendations. The following table illustrates which CIS Controls can be efficiently implemented with Versio.io:
 
CIS Control ID Topic Versio.io coverage rate Versio.io
solution offering
1 Inventory and Control of Enterprise Assets 100%
  • Infrastructure inventory including historization and change & topology detection
  • Support for hosts (server, workstations, mainframe), hyperwiser, cloud & containerization platforms, network router/switches, firewalls, network attached storages
  • Detection of unknown assets
2 Inventory and Control of Software Assets 100%
  • Application stack inventory including historization and change & topology detection
  • Support for containers, processes (including libraries, farmeworks and plugins), services, configurations, applications
3 Data Protection 100%
  • Identification and classification of data repositories on the basis of asset inventory and protection requirements assessment
  • Capture of the status of data in the form of assets
  • Mining and monitoring of data-oriented ETL and batch job processes
4 Secure Configuration of Enterprise Assets and Software 100 %
  • CIS based governance rule content repository
  • Adopt, define and verify governance rule
5 Account Management 25%
  • Inventory and change detection of user accounts
  • Verification and monitoring of user account states
6 Access Control Management 25%
  • Inventory and change detection of access authorizations, roles, groups and rights
  • Verification and monitoring of the status of access authorisations
7 Continuous Vulnerability Management 100%
  • Release, patch & end-of-life assessement
  • IT security vulnerability and exposure detection (CVE)
  • Adopt, define and verify security relevant governance rule
8 Audit Log Management 75%
  • Audit log of third-party system configurations
  • Inventory of third-party system events
  • Inventory of infrastructure, application and organization stack
  • Recovery of third-party system configuration states
9 Email and Web Browser Protections 0%
  • No functional scope of the Versio.io solution
10 Malware Defenses 0%
  • No functional scope of the Versio.io solution
11 Data Recovery 50%
  • Audit log / inventory of third-party system configurations
  • Recovery of third-party system configuration states
  • Mining and monitoring of data recovery processes
12 Network Infrastructure Management 100%
  • Network infrastructure inventory including historization and change & topology detection
  • Support for network router/switches, network firewalls, network attached storages
  • Verification and monitoring of the network infrastructure assets (configuration, state)
  • Release, patch & end-of-life assessement
  • IT security vulnerability and exposure detection (CVE)
13 Network Monitoring and Defense 0%
  • No functional scope of the Versio.io solution
14 Security Awareness and Skills Training 50%
  • Calculation of the protection requirement for each asset on the basis of the protection requirement analyses and topologies defined by the customer
  • Governance rules repository for the verification of security-relevant configurations and states
15 Service Provider Management 0%
  • Organizational process level
16 Application Software Security 100%
  • Release, patch & end-of-life assessement
  • IT security vulnerability and exposure detection (CVE)
17 Incident Response Management 0%
  • Organizational process level
18 Penetration Testing 0%
  • No functional scope of the Versio.io solution
 

References

 

Autor | April 2023


Contact person
Matthias Scholze
Chief Technology Officer
P:  +49-30-221986-51
LinkedIn


Keywords

Center for Internet Security

 

CIS

 

Controls

 

Cybersecurity

 

Best practices

 

Community

 

IT governance

 

We use cookies to ensure that we give you the best experience on our website. Read privacy policies for more information.