
CIS 18 CRITICAL SECURITY CONTROLS CHECKLIST

Learn how to Achieve CIS® Compliance

WHAT ARE THE 18 CIS CRITICAL SECURITY CONTROLS®?

When companies struggle with what to do and how to demonstrate their Cyber Security efforts, many turn to ISO 27001 & ISO 27002. These frameworks are excellent for showing compliance but not well-suited for prioritizing, measuring, and implementing practical IT-security initiatives. To that end, you need a consensus-based framework, such as the CIS 18 critical security controls®, which includes detailed practical and prioritized advice on how to implement cyber security. The CIS® controls include detailed instructions on what to do, how to measure, how to prioritize, and how to audit your cybersecurity posture.

Safeguards per control and per Implementation Group (IG):

CONTROL 1: Inventory and Control of Enterprise Assets. 5 safeguards. IG1 2/5, IG2 4/5, IG3 5/5
CONTROL 2: Inventory and Control of Software Assets. 7 safeguards. IG1 3/7, IG2 6/7, IG3 7/7
CONTROL 3: Data Protection. 14 safeguards. IG1 6/14, IG2 12/14, IG3 14/14
CONTROL 4: Secure Configuration of Enterprise Assets and Software. 12 safeguards. IG1 7/12, IG2 11/12, IG3 12/12
CONTROL 5: Account Management. 6 safeguards. IG1 4/6, IG2 6/6, IG3 6/6
CONTROL 6: Access Control Management. 8 safeguards. IG1 5/8, IG2 7/8, IG3 8/8
CONTROL 7: Continuous Vulnerability Management. 7 safeguards. IG1 4/7, IG2 7/7, IG3 7/7
CONTROL 8: Audit Log Management. 12 safeguards. IG1 3/12, IG2 11/12, IG3 12/12
CONTROL 9: Email and Web Browser Protections. 7 safeguards. IG1 2/7, IG2 6/7, IG3 7/7
CONTROL 10: Malware Defenses. 7 safeguards. IG1 3/7, IG2 7/7, IG3 7/7
CONTROL 11: Data Recovery. 5 safeguards. IG1 4/5, IG2 5/5, IG3 5/5
CONTROL 12: Network Infrastructure Management. 8 safeguards. IG1 1/8, IG2 7/8, IG3 8/8
CONTROL 13: Network Monitoring and Defense. 11 safeguards. IG1 0/11, IG2 6/11, IG3 11/11
CONTROL 14: Security Awareness and Skills Training. 9 safeguards. IG1 8/9, IG2 9/9, IG3 9/9
CONTROL 15: Service Provider Management. 7 safeguards. IG1 1/7, IG2 4/7, IG3 7/7
CONTROL 16: Applications Software Security. 14 safeguards. IG1 0/14, IG2 11/14, IG3 14/14
CONTROL 17: Incident Response Management. 9 safeguards. IG1 3/9, IG2 8/9, IG3 9/9
CONTROL 18: Penetration Testing. 5 safeguards. IG1 0/5, IG2 3/5, IG3 5/5
3 REASONS WHY YOU WOULD WANT TO BE CIS® COMPLIANT:

Complete Visibility
Discover assets you don’t even know about and eliminate blind spots.

Risk Mitigation
Anticipate potential cyber security attacks with audit preventive measures.

Threat Detection
Get an instant cybersecurity audit of your entire network through valuable reports.

WHAT ARE THE 18 CIS CRITICAL SECURITY CONTROLS®?

A well-maintained asset inventory is key in building a more comprehensive security program based on the CIS Critical Security Controls. As you prioritize CIS® Controls, you should focus your efforts on 6 of the controls - also named the Cyber Hygiene Controls or Basic Controls. The first two controls call for an Inventory of Hardware & Software Assets and rely heavily on the IT asset inventory.

Lansweeper can be used to support additional controls, but as the controls are most effective when implemented in order, we’ll focus on how Lansweeper can support your CIS® compliance for these 6 controls below.

1 Inventory & Control of Enterprise Assets
2 Inventory & Control of Software Assets
3 Secure Configuration of Enterprise Assets and Software
4 Account Management
5 Continuous Vulnerability Management
6 Audit Log Management

See the next page for a few of the questions you need to be asking yourself to become compliant in 6 of the CIS Controls.


CIS® CONTROL #1
Inventory & Control of Enterprise Assets

Do you have a passive network scanner to automatically detect new hardware assets on your network?

Does the system in place automatically report on changes of new hardware assets?

Do you have a system in place to automatically remove unauthorized devices?

CIS® CONTROL #2
Inventory & Control of Software Assets

Are you able to automatically discover new software on your hardware devices?

Are you able to automatically discover new software updates/versions on your hardware devices?

Do you have a system in place which allows you to mark software as ‘allowed’, ‘denied’, or ‘neutral’?

Are you able to remove unwanted software from your devices?

Are you able to create real-time reports & dashboards from these marks?

CIS® CONTROL #4
Secure Configuration of Enterprise Assets & Software

Are you able to check and report on Processes, Services & System settings?

Are you able to check and report on BitLocker’s status?

Can you scan for the existence or absence of specific files and registry keys to adhere to CIS benchmarks guidelines?

Are you able to check and report on misconfigured DNS settings?

Are you able to uninstall or disable unnecessary services on Enterprise assets?

CIS® CONTROL #5
Account Management

Are you able to see detailed user information including account state and password audit data in real-time for AD, O365 & Exchange & local accounts?

Are you able to tell which users have local administrative rights on an asset-by-asset basis?

Are you able to capture all unauthorized administrators who can manage your assets?

Are you able to control who can manage your assets and place restrictions per user?

CIS® CONTROL #7
Continuous Vulnerability Management

Are you able to identify if software updates have been updated with important security patches?

Are you able to pull vulnerability reports when software updates have been made with important security patches?

Are you able to easily assess whether a particular software-related vulnerability has been addressed in dashboards or reports?

Can you pull an audit report to address trending vulnerability issues such as PrintNightmare or PetitPotam?

Are you able to create email alerts to review or alert people when a vulnerability has been addressed or spotted?

CIS® CONTROL #8
Audit Log Management

Do you have the possibility to access event log information and keep an eye on anything that might indicate a security risk?

Are you able to automatically collect logs from Windows servers and desktops?

Is there a way for logs to be searched, reported, and exported?

Does your system allow you to check on error logs?

Are you able to retain audit logs across enterprise assets for a minimum of 90 days?

How Lansweeper helps implement CIS Critical Security Controls

Try Lansweeper for Free
2 weeks of unlimited scanning
No card required
Sign up now & start when ready
Access all features
5-minute onboarding

Lansweeper is an IT asset management
software provider helping businesses better
understand, manage and protect their IT
devices and network. Lansweeper helps
customers minimize risks and optimize their IT
assets by providing actionable insight into their
IT infrastructure at all times, offering
trustworthy, valuable, and accurate insights
about the state of users, devices, and software.

Since its launch in 2004, Lansweeper has been
developing a software platform that scans and
inventories all types of IT devices, installed
software, and active users on a network -
allowing organizations to centrally manage
their IT.

The Lansweeper platform currently discovers
and monitors over 80 million connected
devices from 28,000+ customers, including
Mercedes, FC Barcelona, Michelin, Carlsberg,
Nestle, IBM, and Samsung to governments,
banks, NGOs, and universities, driven by its 150+
strong teams in Belgium, Spain, Italy, the UK
and the USA.

Want to try Lansweeper now?


Start Your Free 14-day Trial

Not ready yet?


Watch the demo video
