About
Login
Get Started

CIS Controls Compliance

So, picture this: a bunch of cybersecurity gurus got together and were like, “We need some rock-solid guidelines to keep our systems safe!” That’s how the CIS Controls were born…well, kinda. Now, NAC (Network Access Control) steps in to help enforce those security guidelines, ensuring only legit users and devices get access – like a bouncer for your network, keeping the bad guys out and the good guys free to work.

Request a Demo

Safegaurd your network, empower compliance and embrace the strength of CIS controls.

list

CIS Control 1: Inventory & Control of Hardware Assets

NAC can help in identifying and controlling hardware assets by enforcing authentication and authorization mechanisms before allowing network access. This is precisely what the Portnox Cloud enables – all without actually having to install or maintain any additional hardware on-site.

folder-shield

CIS Control 3: Data Protection

Portnox’s zero trust platform contributes to data protection efforts by ensuring that only authorized devices and users can access sensitive data stored on the network. The platform’s powerful network segmentation capabilities add security layers across the network for all users.

image-user-check

CIS Control 13: Need to Know Access

Network access control is designed to enforce access controls based on user roles, device types, or other criteria, ensuring that individuals or devices only have access to the resources necessary for their job functions. This functionality is available with with Portnox out-of-the-box.

wifi

CIS Control 14: Wireless Access Control

Portnox seamlessly delivers network authentication and access control capabilities for all access layers, including wireless – no matter if designated for employees, guests or contractors. The platform can be layered over any wireless networking gear without any reconfiguration needed.

Hero image showing session based timeout and AAA logs for TACACS+

TACACS+: Your car has AAA, so why can’t your networking gear?

Not everyone on your IT team should be able to make changes to networking gear. With TACACS+ from Portnox, keep a tight grip on authentication, authorization, and accounting (AAA) policies for networking infrastructure without having to break the bank. Oh, and did we mention it’s fully cloud-native? Ditch the extra hardware and give our network device administration capabilities a go today.

Learn More

CIS Controls

FAQs

The CIS (Center for Internet Security) Top 20 Critical Security Controls, also known as the CIS Controls, provide a framework for organizations to establish a baseline of cybersecurity practices. These controls are designed to help organizations protect their systems and data from cyber threats. As of my knowledge cutoff in September 2021, the CIS Controls version 8.0 was the latest version available. The following is an overview of the CIS Top 20 Critical Security Controls:

  • Inventory and Control of Hardware Assets: Maintain an up-to-date inventory of authorized devices and control their use.
  • Inventory and Control of Software Assets: Maintain an up-to-date inventory of authorized software and control its use.
  • Continuous Vulnerability Management: Regularly assess and mitigate vulnerabilities in systems.
  • Secure Configuration for Hardware and Software: Establish and maintain secure configurations for all devices and software.
  • Controlled Use of Administrative Privileges: Limit administrative access to systems and applications based on job responsibilities.
  • Maintenance, Monitoring, and Analysis of Audit Logs: Collect, manage, and analyze logs of security events to detect and respond to incidents.
  • Email and Web Browser Protections: Protect email and web browsers from malicious content and unauthorized access.
  • Malware Defenses: Implement measures to prevent, detect, and respond to malware attacks.
  • Limitation and Control of Network Ports, Protocols, and Services: Manage network ports, protocols, and services to minimize attack surfaces.
  • Data Recovery Capabilities: Establish and test data backup and recovery processes.
  • Secure Configuration for Network Devices: Maintain secure configurations for routers, switches, and other network devices.
  • Boundary Defense: Implement measures to detect and prevent unauthorized network traffic.
  • Data Protection: Establish and enforce data protection policies and procedures.
  • Controlled Access Based on the Need to Know: Grant access rights based on the principle of least privilege.
  • Wireless Access Control: Secure wireless networks to prevent unauthorized access.
  • Account Monitoring and Control: Continuously monitor user accounts for suspicious activities and enforce strong authentication measures.
  • Security Skills Assessment and Appropriate Training to Fill Gaps: Assess the security skills of personnel and provide appropriate training.
  • Application Software Security: Manage the security of application software throughout its lifecycle.
  • Incident Response and Management: Develop and implement an incident response plan to effectively respond to and recover from security incidents.
  • Penetration Testing and Red Team Exercises: Regularly test and validate the effectiveness of security defenses.

Please note that the CIS Controls may be updated periodically, so it’s always a good idea to refer to the latest version of the CIS Controls for the most up-to-date information.

Yes, network segmentation is addressed in the CIS Controls. Specifically, Control 12 in the CIS Controls framework is titled “Boundary Defense” and encompasses measures related to network segmentation. The goal of this control is to prevent unauthorized network traffic and protect critical systems and data by implementing network segmentation.

Network segmentation involves dividing a network into smaller, isolated segments or subnetworks. This separation helps in containing and limiting the impact of a security breach or unauthorized access. By implementing network segmentation, an organization can create barriers and controls that restrict the lateral movement of attackers within the network.

Control 12 of the CIS Controls emphasizes the following actions related to network segmentation:

  • Define and document network segmentation policies: Establish clear policies and guidelines for segmenting the network based on logical or physical separation.
  • Implement network segmentation controls: Use firewalls, routers, switches, and other network security devices to enforce network segmentation and control traffic flow between segments.
  • Secure network segmentation devices: Apply secure configurations, regular patching, and access control measures to the network devices responsible for enforcing network segmentation.
  • Monitor and review network segmentation effectiveness: Continuously monitor network traffic, access logs, and segmentation controls to ensure their effectiveness and identify any potential weaknesses or misconfigurations.

Network segmentation plays a crucial role in enhancing the overall security posture of an organization by limiting the attack surface, minimizing the potential impact of a security incident, and enabling more focused security monitoring and enforcement.

The CIS Controls framework does address endpoint compliance as part of its overall security recommendations. Several controls within the framework focus on ensuring that endpoints (such as desktops, laptops, servers, and mobile devices) are properly secured and compliant with security policies. Here are some of the controls that address endpoint compliance:

  • Control 1: Inventory and Control of Hardware Assets: This control emphasizes the importance of maintaining an up-to-date inventory of authorized devices. By effectively managing hardware assets, organizations can ensure that endpoints are accounted for and compliant with security policies.
  • Control 2: Inventory and Control of Software Assets: Similar to hardware assets, it’s crucial to have an inventory of authorized software on endpoints. By controlling software installations and updates, organizations can enforce compliance with approved software versions and mitigate potential security risks.
  • Control 3: Continuous Vulnerability Management: Regularly assessing and mitigating vulnerabilities on endpoints is a fundamental aspect of endpoint compliance. This control encourages organizations to implement processes for identifying, prioritizing, and patching vulnerabilities to maintain a secure and compliant endpoint environment.
  • Control 4: Secure Configuration for Hardware and Software: This control emphasizes the need for secure configurations on endpoints. By following secure configuration guidelines and best practices, organizations can enforce compliance with predefined security standards and reduce the attack surface of endpoints.
  • Control 5: Controlled Use of Administrative Privileges: Limiting administrative privileges on endpoints is crucial for endpoint compliance. This control promotes the principle of least privilege, ensuring that only authorized personnel have elevated privileges on endpoints, minimizing the risk of unauthorized access and malicious activities.
  • Control 8: Malware Defenses: Implementing robust malware defenses on endpoints is essential for maintaining compliance. This control advises organizations to deploy antivirus, anti-malware, and other security solutions to protect endpoints from malicious software and maintain compliance with security policies.
  • Control 16: Account Monitoring and Control: Continuous monitoring and control of user accounts on endpoints is critical for endpoint compliance. Organizations should monitor user activities, enforce strong authentication measures, and promptly revoke access for terminated employees or compromised accounts.

These controls, among others in the CIS framework, collectively contribute to establishing and maintaining endpoint compliance by addressing key areas such as inventory management, vulnerability management, secure configurations, user access controls, and malware protection. By implementing and adhering to these controls, organizations can enhance the security and compliance of their endpoint environments.

The CIS Controls framework provides guidance on suggested measures for risk remediation to help organizations address and mitigate security risks effectively. The controls offer recommendations and best practices to remediate vulnerabilities and improve overall security posture. While the specific measures may vary depending on the organization’s context, here are some general suggested measures for risk remediation outlined by the CIS Controls:

  • Prioritize vulnerabilities: Establish a process for assessing and prioritizing vulnerabilities based on their severity, exploitability, and potential impact. This enables organizations to focus remediation efforts on the most critical vulnerabilities first.
  • Patch and update systems: Regularly apply patches, updates, and security fixes to operating systems, software applications, and firmware. Timely patching helps address known vulnerabilities and protect against exploits.
  • Secure configurations: Establish and maintain secure configurations for hardware, software, and network devices. Implement recommended security settings, disable unnecessary services and protocols, and apply access control measures to reduce the attack surface and mitigate risks.
  • Implement least privilege: Follow the principle of least privilege by granting users the minimum privileges necessary to perform their job functions. Restricting access privileges reduces the risk of unauthorized access and minimizes the potential impact of compromised accounts.
  • Network segmentation: Implement network segmentation to isolate critical systems, sensitive data, and user groups. By dividing the network into smaller, isolated segments, organizations can limit the lateral movement of attackers and contain potential breaches.
  • Implement secure authentication: Enforce strong authentication measures, such as multifactor authentication (MFA) or strong passwords, to protect user accounts and prevent unauthorized access.
  • Data protection and encryption: Implement appropriate measures to protect sensitive data, such as encryption at rest and in transit. Protecting data helps mitigate the risk of unauthorized access or data breaches.
  • Security awareness and training: Provide regular security awareness and training programs to educate employees about cybersecurity risks, safe practices, and how to recognize and respond to potential threats.
  • Incident response planning: Develop and implement an incident response plan that outlines the steps to be taken in the event of a security incident. This enables organizations to respond promptly, contain the incident, and minimize potential damages.
  • Continuous monitoring and auditing: Implement robust monitoring and auditing mechanisms to detect and respond to security events in real-time. Monitor logs, network traffic, and security systems to identify anomalies, suspicious activities, or potential security breaches.
  • Regular assessments and testing: Conduct regular security assessments, vulnerability scans, penetration testing, and red team exercises to identify weaknesses and validate the effectiveness of security controls. These assessments help organizations identify and address vulnerabilities before they are exploited.

These suggested measures for risk remediation, combined with other controls in the CIS Controls framework, help organizations establish a proactive approach to cybersecurity, improve their security posture, and mitigate risks effectively. It is important to adapt these measures to the specific needs and risk landscape of each organization.

Explore Portnox Cloud

Related Reading

Case Studies

New Albany Floyd County Consilidated School District rolls out NAC in record time with Portnox
eBooks

Five Ways to Master Remote Access Security
Case Studies

New Albany Floyd County Consilidated School District rolls out NAC in record time with Portnox
Explore the Blog

NEW REPORT: CISOs' Perspectives on Cybersecurity in 2026

Learn More
X