Disclaimer: Organizations are not required by law to comply with this document, unless legislation, or a direction given under legislation or by some other lawful authority, compels them to comply. This document does not override any obligations imposed by legislation or law. Furthermore, if this document conflicts with legislation or law, the latter takes precedence.
The Center for Internet Security (CIS) is a community-driven nonprofit responsible for developing the CIS Controls framework. CIS intends for the CIS Controls framework to assist organizations in developing, validating, and promoting timely best practice solutions to protect themselves against pervasive cyber threats. As such, the CIS Controls are constantly reviewed and modified to address and evolve with current cyber threats. Version 7.1 of the Critical Security Controls introduced Implementation Groups: three collections of recommended sub-controls within each of the major control domains, to be implemented in order (i.e., Group 1, 2, then 3) based on the size, exposure, and cyber maturity of an organization. In 2021, CIS released version 8 of its CIS Controls framework, reducing the number of domains from 20 to 18, expanding on certain control objectives, and realigning focus for cloud environments. CIS has stated that v7.1 is still a supported, current, and satisfactory framework on which to build a security program; this module in its current iteration is built on CIS Controls v7.1. Mappings to align with v8 of the framework are in development and will be released in the coming months.
The published CIS Controls v7.1 framework covers the following 20 domains:
- Inventory and Control of Hardware Assets
- Inventory and Control of Software Assets
- Continuous Vulnerability Management
- Controlled Use of Administrative Privileges
- Secure Configuration for Hardware and Software on Mobile Devices, Laptops, Workstations, and Servers
- Maintenance, Monitoring, and Analysis of Audit Logs
- Email and Web Browser Protections
- Malware Defenses
- Limitation and Control of Network Ports, Protocols, and Services
- Data Recovery Capabilities
- Secure Configuration for Network Devices, such as Firewalls, Routers, and Switches
- Boundary Defense
- Data Protection
- Controlled Access Based on the Need to Know
- Wireless Access Control
- Account Monitoring and Control
- Implementing a Security Awareness and Training Program
- Application Software Security
- Incident Response and Management
- Penetration Tests and Red Team Exercises
The LogRhythm platform enables your organization to meet many CIS guidelines by collecting, managing, and analyzing log data. LogRhythm AI Engine (AIE) rules, alarms, reports, investigations, and general SIEM functionality also help your organization satisfy certain IT security elements outlined by CIS.
LogRhythm understands that organizations may be at different points of compliance maturity; the CIS Controls module is intended to assist organizations in implementing a baseline level of security controls, as is consistent with the intention of Implementation Group 1 of the CIS Controls framework. The CIS Controls module is focused on the Control Recommendations traditionally used for baseline best practice purposes. LogRhythm supports some CIS recommendations and decreases the cost of meeting others through pre-built content and functionality. Using advanced LogRhythm functionality such as NetMon, TrueIdentity, SysMon, Threat Research content, and Case Management may enhance pre-built content to better support an organization's compliance efforts.
IT environments consist of heterogeneous devices, systems, and applications, all reporting log data. Millions of individual log entries can be generated daily, if not hourly. The task of organizing this information can be overwhelming. Additional recommendations to analyze and report on log data render manual processes or homegrown remedies inadequate and cost-prohibitive for many organizations. LogRhythm delivers log collection, archiving, and recovery across the entire IT infrastructure and automates the first level of log analysis. Log data is categorized, identified, and normalized for easy analysis and reporting. LogRhythm’s powerful alerting capabilities automatically identify the most critical issues and notify relevant personnel. The CIS Controls module and associated reporting package work out of the box with some level of customization available. Utilizing the CIS Controls module assists in building and maintaining a sound compliance program.