
Critical Security Controls Executive Assessment Tool (v8.0a)

Accepted vs Addressed Risk

Risk Addressed: 0%
Risk Accepted: 100%

Each question below is answered by selecting an Implementation Status from the list at the end of this sheet. Every answer is currently at its default, "Select one of the Following:".

Inventory and Control of Enterprise Assets

Has your organization maintained a comprehensive inventory of all computing assets which must be defended?
  Implementation Status: Select one of the Following:

Has your organization implemented scanning tools (active & passive) to identify all the devices attached to the network?
  Implementation Status: Select one of the Following:

Inventory and Control of Software Assets

Has your organization implemented scanning tools to identify all software applications installed in the organization?
  Implementation Status: Select one of the Following:

Has your organization implemented a software whitelisting tool that only allows authorized software programs to execute on the organization's systems?
  Implementation Status: Select one of the Following:

Continuous Vulnerability Management

Has your organization implemented scanning tools to identify any software vulnerabilities on systems in the organization?
  Implementation Status: Select one of the Following:

Has your organization implemented an automated patch management system to continuously update the organization's systems?
  Implementation Status: Select one of the Following:

Account Management

Has your organization implemented a scanning tool to inventory all users with elevated administrative rights on the organization's systems?
  Implementation Status: Select one of the Following:

Has your organization ensured that only users with a clear business need are granted elevated administrative rights on the organization's systems?
  Implementation Status: Select one of the Following:

Secure Configuration of Enterprise Assets and Software

Has your organization implemented scanning tools to identify any misconfigured security settings on systems in the organization?
  Implementation Status: Select one of the Following:

Has your organization implemented a security setting configuration enforcement system on the organization's systems?
  Implementation Status: Select one of the Following:

Audit Log Management

Has your organization enabled comprehensive audit logging on each of its critical information systems (including network devices and applications)?
  Implementation Status: Select one of the Following:

Has your organization centrally aggregated its critical audit logs on a Security Information and Event Management (SIEM) platform?
  Implementation Status: Select one of the Following:

This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.

Implementation Status (select one of the following for each question):
Not Implemented
Implemented on Some Systems
Implemented on All Systems
Implemented & Automated on All Systems
