Professional Documents
Culture Documents
1.1
1.2
1.3
1.4
1.5
1.6
1.7
Sr. No.
2.1
2.2
2.3
2.4
2.5
2.6
2.7
2.8
2.9
Sr. No.
3.1
3.2
3.3
3.4
3.5
3.6
3.7
3.8
3.9
3.10
Sr. No.
4.1
4.2
4.3
4.4
4.5
4.6
4.7
4.8
4.9
Sr. No.
5.1
5.2
5.3
5.4
5.5
5.6
5.7
5.8
5.9
5.10
5.11
Sr. No.
6.1
6.2
6.3
6.4
6.5
6.6
6.7
6.8
6.9
6.10
6.11
Sr. No.
7.1
7.2
7.3
7.4
7.5
7.6
7.7
7.8
7.9
7.10
Sr. No.
8.1
8.2
8.3
8.4
Sr. No.
9.1
9.2
9.3
9.4
9.5
Sr. No.
10.1
10.2
10.3
10.4
10.5
10.6
Control #1: Inventory of Authorized and Unauthorized Devices
Do you have automated asset discovery tool?
Do you use DHCP server? If yes, do you use DHCP logging to update asset inventory?
Only approved devices are connected to the network?
Do you maintain an asset inventory of all connected systems to the network?
Asset inventory must include Machine names, MAC Addresses, IP Address, Owner of device,
Purpose of each system including desktops, laptops, servers, network equipment etc, portable/personal device
Devices such as mobile phones, tablets, laptops, and other portable electronic devices that store or
process data must be identified, regardless of whether they are attached to the organization’s network.
Do you deploy network level authentication via 802.1x to limit and control which devices can be connected to the network?
Do you deploy network access control (NAC) to monitor authorized systems?
Do you utilize client certificates to validate and authenticate systems prior to connecting to the private network?
Control #2: Inventory of Authorized and Unauthorized Software
Do you deploy application whitelisting technology that allows systems to run software
only if it is included on the whitelist and prevents execution of all other software on the system?
Devise a list of authorized software and version that is required in the enterprise for each type of system.
This list should be monitored by file integrity checking tools to validate that the authorized software has not been modified.
Do you perform regular scanning for unauthorized software and generate alerts when it is discovered on a system?
Do you deploy software inventory tools throughout the organization covering each of the operating system types in use
including servers, workstations, and laptops.
Is your software inventory tied into the hardware asset inventory, do you use a tool for this
No
No
No
Yes/No Provide configuration/document If No, Give reason
No
No
No
No
No
Yes
No
No
No
Yes/No Provide configuration/document If No, Give reason
Yes
No
Yes
Yes
Yes
No
Yes
No
No
Yes
No
No
No
Yes
No
No
Yes
Yes/No Provide configuration/document If No, Give reason
No
No
Yes
Yes
Yes
Yes
No
Yes
No
No
No
No
No
No
No
No
No
Yes Pfsense
No
Yes
No
No
Yes
No
Yes
No
Yes/No Provide configuration/document If No, Give reason
Yes but only on server and daily base 3 time
Yes
Yes
Yes
Yes see training presentation
Yes
Yes
Yes/No Provide configuration/document If No, Give reason
Yes
Yes
No
Yes
Yes
Yes
Software/Tool Name Software/Tool Version No. Licensed/Unlicensed/Trial/OpenSource