CISA defines their mission as “lead[ing] the national effort to understand, manage, and reduce risk to our cyber and physical infrastructure.” That’s a broad mandate, but with the threat of cyber-attacks continuously rising, it’s critical to take a broad view of cyber security. Portnox’s cloud-native NAC is a key element in establishing a comprehensive zero trust security strategy, and can help you meet many guidelines laid out by CISA.

cis controls portnox

NAC meets a broad range of CISA cyber security standards.

Access Control

NAC helps enforce access control policies by ensuring that only authorized devices and users can access the network. The Portnox Cloud has a robust policy engine that can restrict access based on role, location, compliance with security policies, and more. Portnox can also handle guest accounts so you can give visitors network access without giving them keys to the entire castle. You can also implement certificate-based authentication, to remove the risk of compromised passwords. This aligns with CISA's emphasis on implementing access controls to protect sensitive data and critical infrastructure.

Device Visibility and Inventory

NAC provides visibility into the devices connected to the network, including information such as device type, operating system, and patch levels. This can be especially challenging with IoT devices, which often sit undetected on your network.  Portnox’s innovative IoT Device Trust provides robust profiling and policy options with over 97% accuracy to help meet CISA's requirement of asset management and vulnerability assessment.

Endpoint Security Compliance

NAC verifies the security posture of devices by checking for compliance with security policies, such as having up-to-date antivirus software, enabled firewalls, and patched operating systems. The Portnox Cloud not only has a robust risk policy engine that can assign a risk score based on everything from a registry entry on Windows to a passcode on a phone, but it also has automated remediation options to bring devices into compliance. This ensures that devices connecting to the network meet the minimum CISA cyber security requirements.

Threat Prevention

Network access control tools can integrate with other security technologies, such as intrusion detection and prevention systems (IDPS), to detect and respond to potential threats.  Integration is so important – the last thing your IT Team needs is a collection of disparate tools that don’t work together and actually make their job more difficult. Portnox integrates with a wide variety of security tools, ensuring that you can create a comprehensive overall threat prevention strategy advocated by CISA.

Incident Response

The Portnox Cloud provides real-time visibility into network activity and detects anomalous behavior, which can be valuable during incident response. Since IoT devices are particularly vulnerable, Portnox’s IoT Device Trust provides anomalous behavior detection, so if something identified as a camera begins passing traffic like a laptop it can be automatically removed from the network. By identifying compromised devices or unauthorized access attempts, NAC supports the incident response efforts recommended by CISA.

Compliance Reporting

NAC solutions can generate reports on device compliance, network access attempts, and security incidents. The Portnox Cloud provides reports either in real-time or e-mailed out on a schedule so you can trace trends of device compliance. Portnox's zero trust access control platform can also alert you if there is a problem with network access or if a device’s risk score changes. These reports can assist organizations in demonstrating compliance with CISA cyber security requirements, such as periodic vulnerability assessments and access control monitoring.

cisa cyber security portnox

Portnox keeps you aligned with CISA's ever-growing scope of security.

As cybercrime continues to evolve, it’s critical to have an agency like CISA dedicated to staying at the forefront of emerging threats. Both public and private organizations cannot afford to ignore the importance of compliance with CISA standards. Portnox is dedicated to helping you get there. Take some time to learn more about our innovative zero trust access control platform.

Frequently asked questions about CISA cyber security standards.

Try Portnox Cloud for Free Today

Gain access to all of Portnox's powerful zero trust access control free capabilities for 30 days!