CIS Compliance with ESP

Center for Internet Security - CIS Compliance with ESP


The Center for Internet Security recommends that every company strive to reach the CIS top 20 Critical controls, formerly known as the SANS top 20 controls, these controls detail a minimum security strategy to build your organization’s cyber defense into a robust security infrastructure that combats most modern threats in order to retain the integrity of your cyber assets.

ESP CIS20 img


Use Elemental's Solution to implement, monitor and enforce CIS Controls

Elemental Security Platform (ESP) is one of the most advanced cybersecurity, compliance, and risk management automation platforms on the market. Resilient enterprise SaaS, it is scalable for any network security infrastructure, from small businesses to large enterprises. ESP offers easy out-of-the-box deployment, continuous and automated management, and auditor-proof enforcement of technical controls needed to implement CIS recommended controls and benchmarks. Hundred of controls in the form of actionable security policies can be deployed to your servers and other hosts in a matter of minutes, providing instant security configuration compliance visibility in your environment. Afterward, those controls are monitored and enforced 24/7, with precise reporting on policy outcomes available to your team with a click of a button.

ESP CIS Policies

Elemental's ESP technology goes beyond simple host security configuration checking and continuous compliance reporting, it enables automatic system hardening by enforceing most of the deployed technical controls. This is easily accomplished by deploying security policies with enforcement mode activated.

An example of enforceable SSL/TLS related controls/rules:

ESP TLS enforce rules
Note: the little hammer in front of a control/rule means 'Enforceable Rule'.



Elemental waives


CIS Top 20 Critical Controls

Putting these security controls into practice is not a frivolous venture. Unprotected organizations are at risk of malware, ransomware, spyware, and DDos attacks that can hamper business productivity for days or weeks by loosing crucial access and sensitive data, both of which may never be re-attainable without a cyber protection plan. Implementing these basic security practices within your organization could vastly reduce your cyber exposure and eliminate these basic threats.

Most of the top 20 CIS Critical Controls can be implemented using Elemental's ESP solution, check details below:


Control Ref. # *** CIS TOP20 Control *** Elemental Support
-
>>>>>>> Basic CIS Controls
CBC-01 > Inventory and Control of Hardware Assets YES - tell me more ..
CBC-02 > Inventory and Control of Software Assets YES - tell me more ..
CBC-03 > Continuous Vulnerability Management YES - tell me more ..
CBC-04 > Controlled Use of Administrative Privileges YES - tell me more ..
CBC-05 > Secure Configuration for Hardware and Software on Mobile Devices, Laptops, Workstations and Servers | YES - tell me more ..
CBC-06 > Maintenance, Monitoring and Analysis of Audit Logs YES - tell me more ..
-
>>>>>>> Foundational CIS Controls
CFC-07 > Email and Web Browser Protections YES - tell me more ..
CFC-08 > Malware Defenses YES - tell me more ..
CFC-09 > Limitation and Control of Network Ports, Protocols and Services YES - tell me more ..
CFC-10 > Data Recovery Capabilities N/A - tell me more ..
CFC-11 > Secure Configuration for Network Devices, such as Firewalls, Routers and Switches N/A - tell me more ..
CFC-12 > Boundary Defense YES - tell me more ..
CFC-13 > Data Protection YES - tell me more ..
CFC-14 > Controlled Access Based on the Need to Know YES - tell me more ..
CFC-15 > Wireless Access Control YES - tell me more ..
CFC-16 > Account Monitoring and Control YES - tell me more ..
-
>>>>>>> Organizational CIS Controls
COC-17 > Implement a Security Awareness and Training Program N/A - tell me more ..
COC-18 > Application Software Security N/A - tell me more ..
COC-19 > Incident Response and Management N/A - tell me more ..
COC-20 > Penetration Tests and Red Team Exercises N/A - tell me more ..


button free trial