CIS 18 Critical Security Controls®

How to Achieve CIS® Compliance with Lansweeper

Complete Visibility

Discover assets you don’t even know about and eliminate blind spots.

Risk Mitigation

Anticipate potential cyber security attacks with audit preventive measures.

Threat Detection

Get an instant cybersecurity audit across your entire network through valuable reports.

What Are the 18 CIS Critical Security Controls®?

When companies struggle with what to do and how to demonstrate their Cyber Security efforts, many turn to ISO27001 & ISO27002. These frameworks are excellent for showing compliance but not well-suited for prioritizing, measuring and implementing practical IT-security initiatives. To that end, you need a consensus-based framework, such as the CIS 18 critical security controls®, which includes detailed practical and prioritized advice on how to implement cyber security. The CIS® controls include detailed instructions on what to do, how to measure, how to prioritize and how to audit your cybersecurity posture.

An IT Asset Inventory Database for CIS® Compliance

A well-maintained asset inventory is key in building a more comprehensive security program based on the CIS Critical Security Controls. As you prioritize CIS® Controls, you should focus your efforts on 6 of the controls - also named the Cyber Hygiene Controls or Basic Controls. The first two controls call for an Inventory of Hardware Software Assets and rely heavily on the IT asset inventory.

Lansweeper can be used to support additional controls, but as the controls are most effective when implemented in order, we’ll focus on how Lansweeper can support your CIS® compliance for these 6 controls below.


Inventory & Control of Enterprise Assets

Lansweeper continuously detects hardware assets on your network and reports on changes, as well as newly discovered devices. Create an inventory of workstations, servers, network devices, non-computing/IoT devices, mobile devices, and cloud assets. The first CIS control guides you to implement a process of regularly, automatically discovering these assets and their details, then authorizing or removing unauthorized devices. Use Lansweeper's many scanning methods like Active Directory scanning and the passive scanning of Asset Radar to get a complete inventory of any device connected to the network.


Inventory & Control of Software Assets

Lansweeper automatically discovers the software along with its version number, publisher, and install date on all your hardware assets. You must implement a process for removing unwanted software from your network thereby leaving only authorized software on authorized devices. Lansweeper's out-of-the-box reports help to identify and mark software as “Allowed,” “Denied” or “Neutral”. Utilize the detailed software information to ensure only supported software is used in your IT environment.


Secure Configuration of Enterprise Assets & Software

The CIS Benchmarks help you implement secure software and hardware configurations. A substantial number of recommendations such as Processes, Services, Shares, Registry settings, System settings, and BitLocker status can be checked and reported on within Lansweeper. This lets you check for any outdated software, unnecessary services, misconfigured DNS settings, and much more.


Account Management

The core of the account management control is to establish and maintain an inventory of accounts. Using Active Directory, O365, Exchange, and local account scanning, Lansweeper provides a full inventory of all accounts, their groups, permissions, licenses, and all AD other details. Using Lansweeper's built-in reports, you can easily find disabled AD accounts lingering around or account using simple O365 passwords. To maintain "the principle of least privilege." Lansweeper tells you which users have local administrative rights on an asset-by-asset basis by showing all unauthorized administrators and control who can manage your assets.


Continuous Vulnerability Management

Where software versions can be identified, vulnerability reports verify whether software has been updated with important security patches. Lansweeper continuously publishes audit reports to address trending vulnerability issues such as PrintNightmare and PetitPotam, enabling you to easily assess whether a particular software-related vulnerability has been addressed. With Lansweeper, you can list the results in an audit report or dashboard, or set up email alerts to review the report output straight from your inbox.


Audit Log Management

Use the wealth of event log information available in Lansweeper to keep an eye on anything that might indicate a security risk. Although Lansweeper is not a full-fledged log management system, it automatically collects logs from Windows servers and desktops. Event logs can be selected by source and searched, reported, and exported. Built-in error log and user logon reports help identify inconsistencies within log data.

Increase Your Cyber Security Profile

See how Lansweeper helps implement CIS Critical Security Controls.