BASIC
Inventory and Control of Hardware Assets
1
Effectiveness: Non-Existent
Inventory and Control of Software Assets
2
Effectiveness: Non-Existent
Continuous Vulnerability Management
3
Effectiveness: Non-Existent
Controlled Use of Administrative Privileges
4
Effectiveness: Non-Existent
Secure Configuration for Hardware and Software on Mobile Devices, Laptops, Workstations and Servers
5
Effectiveness: Non-Existent
Maintenance, Monitoring and Analysis of Audit Logs
6
Effectiveness: Non-Existent
FOUNDATIONAL
Email and Web Browser Protections
7
Effectiveness: Non-Existent
Malware Defenses
8
Effectiveness: Non-Existent
Limitation and Control of Network ports, Protocols and Services
9
Effectiveness: Non-Existent
Data Recovery Capabilities
10
Effectiveness: Non-Existent
Secure Configuration for Network Devices, such as Firewalls, Routers and Switches
11
Effectiveness: Non-Existent
Boundary Defense
12
Effectiveness: Non-Existent
Data Protection
13
Effectiveness: Non-Existent
Controlled Access based on the Need to Know
14
Effectiveness: Non-Existent
Wireless Access Control
15
Effectiveness: Non-Existent
Account Monitoring and Control
16
Effectiveness: Non-Existent
ORGANISATIONAL
Implement a Security Awareness and Training Program
17
Effectiveness: Non-Existent
Application Software Security
18
Effectiveness: Non-Existent
Incident Response and Management
19
Effectiveness: Non-Existent
Penetration Testing and Red Team Exercises
20
Effectiveness: Non-Existent