Security Controls

🛡️ Security Controls

Relevant security controls from major frameworks:

CIS Critical Security Controls® v8.0

12.112.212.312.613.1
Hide Control Details (5 controls)
12.1Ensure Network Infrastructure is Up-to-Date
NetworkProtect
Ensure network infrastructure is kept up-to-date. Example implementations include running the latest stable release of software and/or using currently supported network-as-a-service (NaaS) offerings. Review software versions monthly, or more frequently, to verify software support.
12.2Establish and Maintain a Secure Network Architecture
NetworkProtect
Establish and maintain a secure network architecture. A secure network architecture must address segmentation, least privilege, and availability, at a minimum.
12.3Securely Manage Network Infrastructure
NetworkProtect
Securely manage network infrastructure. Example implementations include version-controlled-infrastructure-as-code, and the use of secure network protocols, such as SSH and HTTPS.
12.6Use of Secure Network Management and Communication Protocols 
NetworkProtect
Train Workforce on How to Identify and Report if Their Enterprise Assets are Missing Security Updates
13.1Centralize Security Event Alerting
NetworkDetect
Ensure service provider contracts include security requirements. Example requirements may include minimum security program requirements, security incident and/or data breach notification and response, data encryption requirements, and data disposal commitments. These security requirements must be consistent with the enterprise’s service provider management policy. Review service provider contracts annually to ensure contracts are not missing security requirements.
Attribution

Copyright Notice
© 2025 Center for Internet Security, Inc. ("CIS"). All rights reserved.

License
This product/service incorporates the CIS Critical Security Controls® with the express permission of the Center for Internet Security, Inc. Use of the CIS Controls in this commercial offering is authorized under a commercial license granted by CIS.

Trademark Notice
"CIS®" and "CIS Critical Security Controls®" are registered trademarks of the Center for Internet Security, Inc. and are used under license.

Source Reference
The original CIS Critical Security Controls are available, free of charge for non-commercial use, at: https://www.cisecurity.org/controls.

Disclaimer
CIS does not endorse, certify, or warrant this product/service. Any views or interpretations are those of Paranoid Cybersecurity, not CIS.