CSC 1.6: Standard Work

Ensure that unauthorized assets are either removed from the network, quarantined or the inventory is updated in a timely manner.

There are several standard processes that most organizations will need to keep the inventory healthy and credible. Some can be integrated with existing processes, but none can be totally eliminated. CSC 1.6 prescribes the largest and most important kind of standard work: triage.

CSC 1.5: Useful Information

Ensure that the hardware asset inventory records the network address, hardware address, machine name, data asset owner, and department for each asset and whether the hardware asset has been approved to connect to the network.

CSC 1.4: the Mission

Maintain an accurate and up-to-date inventory of all technology assets with the potential to store or process information. This inventory shall include all hardware assets, whether connected to the organization's network or not.

CSC 1.4 contains the core mission of CSC 1: have an accurate Inventory of IT Stuff.  The other CSC 1 controls are just supporting ways that help deliver that core mission. 

CSC 1 Explained: Why

The CIS Critical Security Controls say the most important thing to do to secure your computers is to have a list of all your stuff.

They’re a little unclear about what this means.

The title tries to be specific: “Inventory and Control of Hardware Assets.” Per Merriam-Webster, asset means an owned item of value. Even if we add “hardware,” this could include lots of things: pizza boxes, mice, cables, radios, floppy diskettes, CNC lathes, security cameras, and monitors.

This is not what CIS is after.

Why CSC?

The Critical Security Controls (CSC, aka CIS Top 20) is a great framework.  Many other people think so too; it’s exploded in popularity in the last 10 years.  There are 4 big reasons why.