CIS Top 20 Security Controls
Meet CIS Top 20 Security Controls requirements with privileged access management and vulnerability management solutions from BeyondTrust.
Simplifying CIS Top 20 Security Controls Compliance
Originally developed in 2008 and currently on version 6.1, The Center for Internet Security’s Critical Security Controls for Effective Cyber Defense (known as the CIS Top 20 Controls) are, “a recommended set of actions for cyber defense that provide specific and actionable ways to thwart the most pervasive attacks.” Seen as a starting point for prioritizing cyber defense, the CIS Top 20 Controls map to many existing frameworks such as the NIST Cybersecurity Framework, NIST 800-53, ISO 27000 and regulations such as PCI, HIPAA, NERC CIP, and FISMA. The Top 20 CIS Controls have been adopted by thousands of enterprises worldwide.
If you’re just getting started with the CIS Top 20 Controls, or are looking for a way to make better use of those controls with the multiple regulations your organization is beholden to – good news! We’ve already done the work of mapping BeyondTrust’s solutions for privileged access management and vulnerability management to the controls. In fact, BeyondTrust solutions address all or part of 19 out of the 20 controls, and each of the all-important First 5 CIS Controls that seek to address the majority of cyber risks.
BeyondTrust PowerBroker Privileged Access Management and Retina Enterprise Vulnerability Management solutions help proactively eliminate data breaches from insider privilege abuse and external hacking attacks. With an integrated risk intelligence platform, BeyondTrust cybersecurity solutions reveal critical risks hidden within volumes data to prevent breaches, maintain CIS Critical Controls compliance, and ensure business continuity.
Address CIS Top 20 Security Controls Requirements with BeyondTrust Cybersecurity Solutions
BeyondTrust solutions address all or part of 19 out of the 20 controls, and each of the all-important First 5 CIS Controls that seek to address the majority of cyber risks.
1. Inventory of Authorized and Unauthorized Devices
Identify, profile and manage known and unknown devices, including network (local and remote), web, mobile, cloud, IoT and virtual assets.
2. Inventory of Authorized and Unauthorized Software
Gather information including IP, DNS, OS, MAC address, ports, services, software, processes, hardware, event logs and more.
3. Secure Configurations for Hardware & Software
Validate and report on audit settings, security settings, user rights, logging configuration and more.