×
Why CIS Solutions Join CIS Resources
CIS WorkBench Sign-in CIS WorkBench Sign In Support CIS Support


Why CIS

Who We Are

CIS is an independent, nonprofit organization with a mission to create confidence in the connected world



About Us Leadership Principles Testimonials

Solutions

Secure Your Organization


Secure Specific Platforms


U.S. State, Local, Tribal & Territorial Governments


View All Products & Services  

Join CIS

Get Involved

Join CIS as a member, partner, or volunteer - or explore our career opportunities



CIS SecureSuite® Membership Multi-State ISAC (MS-ISAC®) Elections Infrastructure ISAC (EI-ISAC®) CIS CyberMarket® Vendors CIS Communities Careers

Resources

Secure Your Organization


Learn


Filter by Topic


View All Resources  
CIS Logo Show Search Expand Menu

Secure Configuration for Hardware and Software on Mobile Devices, Laptops, Workstations and Servers

CIS Control 5This is a basic Control

Establish, implement, and actively manage (track, report on, correct) the security configuration of mobile devices, laptops, servers, and workstations using a rigorous configuration management and change control process in order to prevent attackers from exploiting vulnerable services and settings.

CIS RAM is an information security risk assessment method that helps organizations implement and assess their security posture against the CIS Controls. Download CIS RAM

Why is this CIS Control critical?

As delivered by manufacturers and resellers, the default configurations for operating systems and applications are normally geared towards ease-of-deployment and ease-of-use – not security. Basic controls, open services and ports, default accounts or passwords, older (vulnerable) protocols, preinstallation of unneeded software; all can be exploitable in their default state.

Developing configuration settings with good security properties is a complex task beyond the ability of individual users, requiring analysis of potentially hundreds or thousands of options in order to make good choices (the Procedures and Tool section below provides resources for secure configurations). Even if a strong initial configuration is developed and installed, it must be continually managed to avoid security “decay” as software is updated or patched, new security vulnerabilities are reported, and configurations are “tweaked” to allow the installation of new software or support new operational requirements. If not, attackers will find opportunities to exploit both network accessible services and client software.

Main Points:
  • Maintain documented, standard security configuration standards for all authorized operating systems and software.
  • Utilize a Security Content Automation Protocol (SCAP) compliant configuration monitoring system to verify all security configuration elements, catalog approved exceptions, and alert when unauthorized changes occur.
Want to implement this basic Control?

Download the CIS Controls for more details on implementing this and the other 19 Controls.

Download all
CIS Controls v7.1 (PDF)

Already downloaded the CIS Controls?

We have several resources to help you implement:

Information Hub : CIS Controls


CONTROL: 1 --- ADVISORY CONTROL: 0
CONTROL: 2 --- ADVISORY CONTROL: 0
CONTROL: 3 --- ADVISORY CONTROL: 0

Pencil Webinar 10 May 2021
CONTROL: 4 --- ADVISORY CONTROL: 0

Pencil Webinar 10 May 2021