URGENT MESSAGE: Log4j Zero-Day Vulnerability Response| Learn more
Why CIS Solutions Join CIS Resources
CIS WorkBench Sign-in CIS WorkBench Sign In CIS Hardened Images CIS Hardened Images Support CIS Support


Who We Are

CIS is an independent, nonprofit organization with a mission to create confidence in the connected world

About Us Leadership Principles Testimonials


secure your organization
Secure Your Organization

secure specific platforms
Secure Specific Platforms

cis securesuite CIS SecureSuite® Learn More      Apply Now  
u s state local tribal and territorial governments
U.S. State, Local, Tribal & Territorial Governments

View All Products & Services  

Join CIS

Get Involved

Join CIS as a member, partner, or volunteer - or explore our career opportunities

CIS SecureSuite® Membership Multi-State ISAC (MS-ISAC®) Elections Infrastructure ISAC (EI-ISAC®) CIS CyberMarket® Vendors CIS Communities Careers




filter by topic
Filter by Topic

View All Resources  
CIS Logo Show Search Expand Menu

CIS Controls Commonly Exploited Protocols Windows Management Instrumentation

This guide will focus on a commonly exploited protocol, Windows Management Instrumentation (WMI) Remote Protocol, and the Safeguards an enterprise can implement, in part or whole, to reduce their attack surface or detect anomalies associated with the exploitation of WMI. The goal is to deliver a set of best practices from the CIS Controls, CIS Benchmarks™, or additional guidance, that all enterprises can use to protect against WMI facilitated attacks.

This is accomplished by mapping WMI classes2 or events that CTAs can use to conduct attacks to the MITRE Adversarial Tactics, Techniques & Common Knowledge (ATT&CK® Framework v8.2). Specifically, the guide focuses on identifying ATT&CK Tactics, the “why” behind a CTA’s actions, and the ATT&CK Techniques or ATT&CK Sub-Techniques within those Tactics.

Windows Management Instrumentation WMI white paper