CIS 20 Critical Security Controls®

How to Achieve CIS® Compliance with Lansweeper

Complete Visibility

Discover assets you don’t even know about and eliminate blind spots.

Risk Mitigation

Anticipate potential cyber security attacks with preventive audit measures.

Threat Detection

Get an instant cybersecurity audit across your entire network through valuable reports.

What Are the 20 CIS Critical Security Controls®?

When companies struggle with what to do and how to demonstrate their Cyber Security efforts, many turn to ISO27001 & ISO27002. These frameworks are excellent for showing compliance but not well-suited for prioritizing, measuring and implementing practical IT-security initiatives. To that end, you need a consensus-based framework, such as the CIS 20 critical security controls®, which include detailed, practical and prioritized advice on how to implement cyber security. The CIS® controls include detailed instructions on what to do, how to measure, how to prioritize and how to audit your cybersecurity posture.

An IT Asset Inventory Database for CIS® Compliance

A well-maintained asset inventory is key in building a more comprehensive security program based on the CIS Critical Security Controls. As you prioritize CIS® Controls, you should focus your efforts on the first 6 controls, also named the Cyber Hygiene Controls or Basic Controls. The first two controls call for an Inventory of Hardware and Software Assets and rely heavily on the IT asset inventory.

Lansweeper can be used to support additional controls, but as the controls are most effective when implemented in order, we'll focus on how Lansweeper can support your CIS® compliance for these first 6 controls below.


Inventory & Control of Hardware Assets

Lansweeper continuously detects hardware assets on your network and reports on changes, as well as newly discovered devices. The first CIS control guides you to implement a process of regularly, automatically discovering assets with Lansweeper, then authorizing or removing unauthorized devices. Use Lansweeper’s custom properties and grouping function to divide your hardware assets into special groups such as "Most Critical Devices" and "Devices Related to PII."


Inventory & Control of Software Assets

Given the right credentials, Lansweeper automatically discovers the software (including versions) on all your hardware assets. You must implement a process for removing unwanted software from your network, thereby leaving only authorized software on authorized devices. Lansweeper’s out-of-the-box reports help to identify and mark software as "Allowed," "Denied" or "Neutral." Lansweeper’s deep Microsoft SQL identification and discovery helps to identify, map and maintain databases with sensitive information and SQL versions that are EOL or OOS, and don't support handling of PII.


Continuous Vulnerability Management

Where software versions can be identified, vulnerability reports verify whether software has been updated with important security patches. Lansweeper continuously publishes audit reports to address trending vulnerability issues such as BlueKeep, Zombieload or SWAPGS, enabling you to easily assess whether a particular software-related vulnerability has been addressed. With Lansweeper, you can list the results in an audit report or dashboard, or set up email alerts to review the report output straight from your inbox.


Controlled Use of Administrative Privileges

Maintain “the principle of least privilege.” Lansweeper tells you which users have local administrative rights on an asset-by-asset basis. Capture all unauthorized administrators and control who can manage your assets. You can also highlight which users and groups you need to “groom” to reduce admin privileges. Lansweeper's integration with Active Directory lets you audit individual administrative accounts and see detailed user information including account state and password audit data.


Secure Configurations for Hard- and Software

The CIS Benchmarks help you implement secure software and hardware configurations. A substantial number of recommendations such as Processes, Services, Shares, Registry settings, System settings and BitLocker status can be checked and reported on within Lansweeper. Check EOL firmware versions for network devices, and scan for the existence or absence of specific files and registry keys for complete CIS benchmarking.


Maintenance, Monitoring, and Analytics of Audit Logs

Use the wealth of event log information available in Lansweeper to keep an eye on anything that might indicate a security risk. Although Lansweeper is not a full-fledged log management system, it automatically collects logs from Windows servers and desktops. Event logs can be selected by source and searched, reported and exported. Built-in error log and user logon reports help identify inconsistencies within log data.

Increase Your Cyber Security Profile

See how Lansweeper helps implement CIS Critical Security Controls.