Scribd
Upload
536 views

AuditScripts CIS Controls Executive Assessment Tool V8.0a

The document appears to be an assessment tool for an organization to evaluate its implementation of critical security controls. It contains questions about whether the organization has inventoried assets, implemented vulnerability management and patching, secured configurations, enabled auditing, and more. For each control, the organization selects its level of implementation from options including "not implemented" to "implemented and automated on all systems."

Uploaded by

amazzi
Copyright
© © All Rights Reserved
Available Formats
Download as XLSX, PDF, TXT or read online on Scribd
536 views

AuditScripts CIS Controls Executive Assessment Tool V8.0a

The document appears to be an assessment tool for an organization to evaluate its implementation of critical security controls. It contains questions about whether the organization has inventoried assets, implemented vulnerability management and patching, secured configurations, enabled auditing, and more. For each control, the organization selects its level of implementation from options including "not implemented" to "implemented and automated on all systems."

Uploaded by

amazzi
Copyright
© © All Rights Reserved
Available Formats
Download as XLSX, PDF, TXT or read online on Scribd
You are on page 1/ 7

Critical Security Controls Executive

Accepted vs Addressed Risk


Risk Addressed:

Risk Accepted:

Inventory and Control of Enterprise Assets


Has your organization maintained a comprehensive inventory of all computing assets which must be defended?

Has your organization implemented scanning tools (active & passive) to identify all the devices attached to the network?

Inventory and Control of Software Assets


Has your organization implemented scanning tools to identify all software applications installed in the organization?

Has your organization implemented a software whitelisting tool that only allows authorized software program to execute on t

Continuous Vulnerability Management


Has your organization implemented scanning tools to identify any software vulnerabilities on systems in the organization?

Has your organization implemented an automated patch management system to continuously update the organization's syste

Account Management
Has your organization implemented a scanning tool to inventory all users with elevated administrative rights on the organizati

Has your organization ensured that only users with clear business need are granted elevated administrative rights on the orga

Secure Configuration of Enterprise Assets and Software


Has your organization implemented scanning tools to identify any mis-configured security settings on systems in the organizati

Has your organization implemented a security setting configuration enforcement system on the organization's systems?

Audit Log Management


Has your organization enabled comprehensive audit logging on each of its critical information systems (including network dev

Has your organization centrally aggregated their critical audit logs on a Security Information and Event Management (SIEM) pl
This work is licensed under a Creative Commons Attribu
Controls Executive Assessment Tool (v8.0a)

0%

100%

t be defended? Select one of the Following:

ttached to the network? Select one of the Following:

in the organization? Select one of the Following:

ware program to execute on the organization's systems? Select one of the Following:

stems in the organization? Select one of the Following:

pdate the organization's systems? Select one of the Following:

trative rights on the organization's systems? Select one of the Following:

ministrative rights on the organization's systems? Select one of the Following:

gs on systems in the organization? Select one of the Following:

organization's systems? Select one of the Following:

stems (including network devices and applications)? Select one of the Following:

Event Management (SIEM) platform? Select one of the Following:


er a Creative Commons Attribution-ShareAlike 4.0 International License.
ne of the Following: 0 0

ne of the Following: 0 0

ne of the Following: 0 0

ne of the Following: 0 0

ne of the Following: 0 0

ne of the Following: 0 0

ne of the Following: 0 0

ne of the Following: 0 0

ne of the Following: 0 0

ne of the Following: 0 0

ne of the Following: 0 0

ne of the Following: 0 0
0 1
DO NOT CHANGE THESE VALUES

Implementation Status
Select one of the Following:
Not Implemented
Implemented on Some Systems
Implemented on All Systems
Implemented & Automated on All Systems

You might also like