Actively manage (inventory, track, and correct) all hardware devices on the network so that only authorized devices are given access, and unauthorized and unmanaged devices are found and prevented from gaining access.
Why is CIS Control 1 critical?
Attackers, who can be located anywhere in the world, are continuously scanning the address space of target organizations, waiting for new and unprotected systems to be attached to the network. Attackers also look for devices (especially laptops) that come and go from the enterprise’s network and so fall out of sync with patches or security updates. Attacks can take advantage of new hardware that is installed on the network one evening but not configured and patched with appropriate security updates until the following day. Even devices that are not visible from the Internet can be used by attackers who have already gained internal access and are hunting for internal jump points or victims. Additional systems that connect to the enterprise’s network (e.g., demonstration systems, temporary test systems, guest networks) should also be managed carefully and/or isolated in order to prevent adversarial access from affecting the security of enterprise operations.
As new technology continues to come out, BYOD (bring your own device) — where employees bring personal devices into work and connect them to the enterprise network — is becoming very common. These devices could already be compromised and be used to infect internal resources.
Managed control of all devices also plays a critical role in planning and executing system backup and recovery.
- Deploy an automated asset inventory discovery tool and use it to build a preliminary inventory of systems connected to an organization’s public and private network(s). Both active tools that scan through IPv4 or IPv6 network address ranges and passive tools that identify hosts based on analyzing their traffic should be employed.
- If the organization is dynamically assigning addresses using the Dynamic Host Configuration Protocol (DHCP), then deploy DHCP server logging, and use this information to improve the asset inventory and help detect unknown systems.
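The DHCP logging step above can be turned into a simple reconciliation check. The following is an added example, not part of the CIS text: it assumes ISC dhcpd-style syslog `DHCPACK` lines and an inventory kept as a set of authorized MAC addresses; the log lines, host names and addresses are constructed sample data.

```python
import re

# Assumption: ISC dhcpd-style syslog lease acknowledgements, e.g.
# "Jan 30 09:12:02 dhcp01 dhcpd[812]: DHCPACK on <ip> to <mac> (<host>) via eth0"
DHCPACK_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s\S+\sdhcpd(?:\[\d+\])?:\s"
    r"DHCPACK on (?P<ip>\S+) to (?P<mac>(?:[0-9A-Fa-f]{2}[:-]){5}[0-9A-Fa-f]{2})"
    r"(?: \((?P<host>[^)]*)\))? via (?P<iface>\S+)"
)

def normalize_mac(mac):
    """Lower-case, colon-separated form so inventory and log entries compare equal."""
    return mac.lower().replace("-", ":")

def find_unknown_devices(log_lines, authorized_macs):
    """Return {mac: record} for every leased MAC that is not in the inventory."""
    authorized = {normalize_mac(m) for m in authorized_macs}
    unknown = {}
    for line in log_lines:
        m = DHCPACK_RE.match(line)
        if not m:
            continue  # DISCOVER/OFFER/REQUEST and unrelated lines grant no lease
        mac = normalize_mac(m["mac"])
        if mac in authorized:
            continue
        rec = unknown.setdefault(
            mac, {"first_seen": m["ts"], "ips": set(), "hostnames": set()})
        rec["last_seen"] = m["ts"]
        rec["ips"].add(m["ip"])
        if m["host"]:
            rec["hostnames"].add(m["host"])
    return unknown

# Constructed sample data: one inventoried laptop, one device absent from the inventory.
SAMPLE_LOG = [
    "Jan 30 09:12:01 dhcp01 dhcpd[812]: DHCPDISCOVER from 00:16:3e:aa:bb:01 via eth0",
    "Jan 30 09:12:02 dhcp01 dhcpd[812]: DHCPACK on 10.20.0.15 to 00:16:3e:aa:bb:01 (fin-laptop-07) via eth0",
    "Jan 30 18:44:10 dhcp01 dhcpd[812]: DHCPACK on 10.20.0.77 to 5C:F9:38:12:34:56 via eth0",
    "Jan 30 19:02:33 dhcp01 dhcpd[812]: DHCPACK on 10.20.0.78 to 5c:f9:38:12:34:56 (unknown-host) via eth0",
]
AUTHORIZED = {"00-16-3E-AA-BB-01"}  # inventory export, constructed

if __name__ == "__main__":
    for mac, rec in find_unknown_devices(SAMPLE_LOG, AUTHORIZED).items():
        print(mac, rec["first_seen"], rec["last_seen"],
              sorted(rec["ips"]), sorted(rec["hostnames"]))
```

A client can change its MAC address, so a match against the inventory is a tracking signal rather than proof of identity; treat the output as a list of leases to investigate and reconcile.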