The Center for Internet Security Controls, or #CISControls, have become an industry standard that helps businesses and organizations of all sizes maintain their cybersecurity controls.

The 153 #Safeguards, which are found in the 18 controls, are a foundation for protecting your technology and data. They are not rocket science, and you can start to implement the majority of them today.

Follow along as I outline and simplify the safeguards as we work together and #SecureIT.

Safeguard 1.4, which is using #DHCP (Dynamic Host Configuration Protocol) logging to update the Asset Inventory, is only required for IG2 and IG3.

We've talked about using an Active Discovery Tool that scans the network (1.3), blocking and removing unauthorized assets (1.2), and of course why we have to maintain an accurate documented inventory of these assets (1.1).

The default DHCP lease time for Windows Servers is 8 days; the computer will renew the lease automatically and get a new IP address.

Within your network, the average user today is using 4 IP addresses (VoIP phone, Computer, Smart Phone, Tablet, Watch, IoT devices like smart picture frames, or a second computer). A Class C network allows a possible 256 local devices, and that is not counting the corporate devices like servers, network equipment, and printers.

That means on average you can staff roughly 60 employees on a Class C network if it's flat and not VLANd out. Using Class A or B networks with subnetting should really be best practice - but that's for another post.

Safeguard 1.4 calls for DHCP logging to be used and reviewed at least weekly. If you are using the default 8-day lease, then you can likely just build in a weekly review of DHCP.

But for compliance purposes you want to maintain logs. The operational log (Microsoft-Windows-Dhcp-Client%4Operational.evtx) contains the full log of each lease. NOTE: This log is typically disabled by default.

In writing your policy, you want to ensure that you are maintaining logs for, I would say, at minimum a year (typically the compliance audit review period). The policy should also state the review period and include a link to the list showing when it was checked, who checked it, and if any new devices were added to inventory.
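One way to automate the weekly review and produce the review record described above, as an added example that is not part of the original post. It assumes lease records exported in the column order of a Windows DHCP Server audit log and event IDs 10 (new lease) and 11 (renewal); the sample log, the inventory and the function names are constructed for illustration.

```python
import csv
import io
from datetime import datetime, timedelta

# Constructed sample, using the column order of a Windows DHCP Server audit log
# (assumed layout): ID,Date,Time,Description,IP Address,Host Name,MAC Address
SAMPLE_LOG = """\
ID,Date,Time,Description,IP Address,Host Name,MAC Address
10,05/29/23,08:14:02,Assign,192.168.1.51,FRONTDESK-PC,00155D0A1B01
11,05/30/23,09:02:45,Renew,192.168.1.51,FRONTDESK-PC,00155D0A1B01
10,05/31/23,13:37:10,Assign,192.168.1.87,picture-frame,A4CF12FFEE09
11,06/01/23,13:37:12,Renew,192.168.1.87,picture-frame,A4CF12FFEE09
10,06/01/23,07:55:31,Assign,192.168.1.60,VOIP-204,0004F2AA10C4
10,05/12/23,10:00:00,Assign,192.168.1.90,old-tablet,F0D1A9000777
"""
# Constructed asset inventory (MAC -> asset name), in mixed MAC notations.
INVENTORY = {"00:15:5d:0a:1b:01": "FRONTDESK-PC", "00-04-F2-AA-10-C4": "VOIP-204"}
LEASE_EVENTS = {"10", "11"}  # assumed event IDs: 10 = new lease, 11 = renewal

def norm_mac(mac):
    """Reduce any MAC notation to upper-case hex digits for comparison."""
    return "".join(c for c in mac.upper() if c in "0123456789ABCDEF")

def unknown_devices(log_text, inventory, review_date, days=7):
    """Return leases from the review window whose MAC is not in the inventory."""
    known = {norm_mac(m) for m in inventory}
    cutoff = review_date - timedelta(days=days)
    found = {}
    for row in csv.reader(io.StringIO(log_text)):
        if len(row) < 7 or row[0].strip() not in LEASE_EVENTS:
            continue  # header text or a non-lease event
        seen = datetime.strptime(f"{row[1]} {row[2]}", "%m/%d/%y %H:%M:%S")
        mac = norm_mac(row[6])
        if not mac or mac in known or not cutoff < seen <= review_date:
            continue
        # Log rows are chronological, so the latest row per MAC sets last_seen.
        entry = found.setdefault(mac, {"mac": mac, "first_seen": seen})
        entry.update(ip=row[4], host=row[5], last_seen=seen)
    return sorted(found.values(), key=lambda e: e["first_seen"])

def review_record(log_text, inventory, review_date, reviewer):
    """Build the entry the policy asks for: when, who, and what was new."""
    return {"checked_on": review_date.date().isoformat(), "checked_by": reviewer,
            "new_devices": unknown_devices(log_text, inventory, review_date)}

if __name__ == "__main__":
    rec = review_record(SAMPLE_LOG, INVENTORY, datetime(2023, 6, 2, 17, 0), "reviewer")
    print(rec["checked_on"], rec["checked_by"])
    for d in rec["new_devices"]:
        print(d["mac"], d["ip"], d["host"], d["first_seen"], d["last_seen"])
```

Each device it reports is either added to the inventory or handled as an unauthorized asset under Safeguard 1.2, and the returned record is what gets appended to the review list the policy links to.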

Remember your asset inventory includes any assets with the potential to store or process data including end user devices, network devices, IoT devices, and servers.

Need help getting started with your Policy? Download an Asset Management Template here!

Join the conversation on LinkedIn - https://www.linkedin.com/posts/scottrdavispa_ciscontrols-safeguards-secureit-activity-7069349248886038528--x2R?utm_source=share&utm_medium=member_desktop

 
