CIS 20 Critical Security Controls®

How to Achieve CIS® Compliance with Lansweeper

What Are the 20 CIS Critical Security Controls®?

When companies struggle with what to do and how to demonstrate their Cyber Security efforts many turn to ISO27001 & ISO27002. These frameworks are excellent for showing compliance but not well suited for prioritizing, measuring and implementing practical IT-security initiatives. To that end, you will need a consensus-based framework - such as CIS 20 critical security controls® which include detailed practical and prioritized advice exactly on how to implement Cyber Security. The CIS® controls include detailed instructions on what to do, how to measure, how to prioritize, and how to audit your Cyber Security posture.

Leveraging the IT Asset Inventory Database for CIS® Compliance.

A well-maintained Asset Inventory Database is key in building a more comprehensive security program based on the CIS Critical Security Controls®. The first two controls, Inventory of Hardware Software Assets rely heavily on the Asset Inventory Database. As the CIS® Controls are prioritized, your efforts should be focused on the first 6 controls - also named the Cyber Hygiene Controls or Basic Controls. Lansweeper can be used to support additional controls but as the controls are most effective when implemented in order, we’ll focus on how Lansweeper can support your CIS® compliance for these first 6 controls below.

Start Leveraging Your IT Asset Inventory Baseline

Discover Assets You Don't Even Know About & Eliminate Network Blind Spots

Inventory & Control of Hardware Assets

Lansweeper will continuously detect hardware assets on your network and report on the changes in hardware assets, as well as newly discovered devices. The first CIS® control guides you to implement a process of regularly, automatically discovering assets with Lansweeper and then authorizing or removing unauthorized devices. Use Lansweeper's Custom properties and grouping function to divide your hardware assets into specials groups such as “Most Critical Devices” and “Devices Related to PII”.


Inventory & Control of Software Assets

Lansweeper will automatically discover the software (including version) on all your hardware assets with the right credentials. You must implement a process for removing unwanted software from your network thereby leaving only authorized software on the authorized devices. Lansweeper's out-of-the-box reports will help you identify and mark software as Allowed, Denied and Neutral. Lansweeper's deep Microsoft SQL identification and discovery will help you to identify, map, and maintain databases with sensitive information and SQL versions that are EOL, OOS, and thus do not support handling of PII.


Continuous Vulnerability Management

Where software versions can be identified, vulnerability reports check if the software is not missing any security patches that could leave it exposed. Easily assess whether a particular software-related vulnerability has been addressed as Lansweeper continuously publishes audit reports to address trending vulnerability issues such as BlueKeepZombieload, or SWAPGS. List the results in an Audit Report, a dashboard, or set up email alerts to review the report output straight into your inbox.


Controlled Use of Administrative Privileges

Maintain "the principle of least privilege" as Lansweeper tells you which users have Local Administrative Rights on an asset-by-asset basis. Capture all the unauthorized administrators and control who can manage your assets, highlight which users and which groups you need to "groom" to reduce admin privileges. Lansweeper’s integration with AD lets you audit individual administrative accounts and see detailed AD User information including account state and password audit data.


Secure Configurations for Hard- and Software

The CIS® Benchmarks help you implement secure software and hardware configurations. A substantial number of the recommendations such as Processes, Services, Shares, Registry settings, System settings, and BitLocker status can be checked and reported within Lansweeper. Check end of life Firmware versions for network devices and scan for the existence or absence of specific files and registry keys for complete CIS® bench-marking.


Maintenance, Monitoring, and Analytics of Audit Logs

Utilize the wealth of event log information available to keep an eye on anything which might indicate a security risk. Although Lansweeper is not a fully-fledged log management system, it will automatically collect logs from Windows servers and desktops. Event logs can be selected by source and searched, reported and exported. Built-in error log and user logon reports help you identify inconsistencies on automatically-collected log information.

Increase Your Cyber Security Profile

See How Lansweeper Helps Implementing the CIS Critical Security Controls®