Inventory and Control of Software Assets 

2

Continuous Vulnerability Management 

3

Controlled Use of Administrative Privileges 

4

Secure Configuration for Hardware and Software on Mobile Devices, Laptops, Workstations and Servers 

5

Maintenance, Monitoring and Analysis of Audit Logs 

6

3. Continuous Vulnerability Management

4. Controlled Use of Administrative Privileges

Inventory and Control of Hardware Assets

12. Boundary Defence

13. Data Protection

14. Controlled Access Based on the Need to Know

15. Wireless Access Control

7. Email and Web Browser Protections

16. Account Monitoring and Control

19. Incident Response and Management

20. Penetration Tests and Red Team Exercises

8. Malware Defences

9. Limitation and Control of Network Ports, Protocols and Services

10. Data Recovery Capabilities

Notifications

Control Name
Domain
Domain
Evidenes
Recommendation

11. Secure Configuration for Network Devices, such as Firewalls, Routers and Switches

Assignments

Control Name
Domain
Domain
Evidenes
Recommendation
Control Name
Domain
Evidenes
Recommendation
Major non-conf
Heading 5