Take a few minutes to compare your adoption of CIS Critical Security Controls 1 – 5 with similar sized organizations surveyed by Dimensional Research.
Company Size?
How many employees in your organization?
Question 1
Does your organization have automated controls to inventory systems and devices connected to the network?
Question 2
Does your organization have automated controls to differentiate between authorized and unauthorized systems and devices?
Question 3
Does your organization have automated controls to allow only authorized systems and devices to connect to the network?
Question 4
Does your organization have automated controls to inventory applications and software connected to the network?
Question 5
Does your organization have automated controls to differentiate between authorized and unauthorized applications and software?
Question 6
Does your organization have automated controls to allow only authorized applications and software to install or execute?
Question 7
Does your organization have automated controls to enforce security configuration standards for laptops, workstations, and servers?
Question 8
Does your organization have automated controls to perform vulnerability scanning?
Question 9
Are your tools able to do vulnerability scanning in authenticated mode?
Question 10
Do your organization’s vulnerability scanning tools use agents?
Question 11
Does your organization have automated controls to scan systems on the network for vulnerabilities on at least a weekly basis?
Question 12
Does your organization have automated controls to verify that important vulnerabilities with patches available are addressed within two weeks?
Question 13
Does your organization have automated controls to minimize use of accounts having administrative privileges?
Question 14
Does your organization have automated controls to change default passwords for applications, operating systems, routers, firewalls, wireless access points, and other systems?
Question 15
Does your organization have automated controls for multi-factor authentication for administrative access?
Automated Controls Comparison