The Center for Internet Security Controls, or #CISControls, have become an industry standard for helping businesses and organizations of all sizes maintain a consistent set of #Cybersecurity controls.

The 153 #Safeguards, which are found in the 18 controls, are a foundation for protecting your technology and data. They are not rocket science, and you can start implementing the majority of them today.

Follow along as I outline and simplify the safeguards as we work together and #SecureIT.

Safeguard 2.2 is one that, while common sense, has to be in writing. Ensuring that authorized software is currently supported is critical, as application #zerodayvulnerabilities in outdated software are well documented and are used as a method to access your network and data.

2.2 requires that only currently supported software is used and stored in the software inventory (2.1). If software is unsupported but is required for the business, then an exception detailing mitigating controls and risk acceptance must be documented (for those still running those legacy applications). Without that documentation, it must be inventoried as unauthorized. Software support should be checked at least monthly, or more frequently.

In reality, as long as the application is the current version, it's supported and assumed to be the most secure version available. I'm not saying to install every update on day 1, but updates that disclose a zero-day vulnerability should be reviewed and escalated for deployment.

Remember, 2.2 requires that you ensure the software is currently supported; even some old versions are typically supported for a couple of years after release. Windows 10 is still supported by Microsoft until 2025. Intuit QuickBooks Desktop 2020 actually just ended its support period on May 31, 2023.

So when you initially look at 2.2, you may think, how am I going to check this off? It's just making sure you know what is installed and supported with regard to the authorized software in use across your assets.

Of course, your best practice should always be to ensure all software is patched and updated, including the operating system, applications, and mobile apps.
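One way to run that monthly check against an inventory export is sketched below. It is an added example, not part of the original post or of any CIS tooling. The field names, the exception reference ID, the 90-day "ending soon" warning and the 31-day review threshold are assumptions; only the QuickBooks Desktop 2020 date comes from the post, and the other inventory rows are constructed.

```python
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Optional

@dataclass
class SoftwareEntry:
    name: str
    end_of_support: Optional[date]       # None = no end-of-support date announced
    exception_doc: Optional[str] = None  # reference to mitigations + risk acceptance

def classify(entry: SoftwareEntry, today: date, warn_days: int = 90) -> str:
    """Apply the Safeguard 2.2 decision to one inventory entry."""
    eos = entry.end_of_support
    if eos is None or today <= eos:
        # Still supported; warn early so an upgrade can be planned (assumed window).
        if eos is not None and eos - today <= timedelta(days=warn_days):
            return "authorized (support ending soon)"
        return "authorized"
    # Unsupported: only a documented exception keeps it authorized.
    if entry.exception_doc:
        return "authorized by exception"
    return "unauthorized"

def review_overdue(last_review: date, today: date, max_age_days: int = 31) -> bool:
    """Support status should be rechecked at least monthly."""
    return (today - last_review).days > max_age_days

def run_review(inventory, today: date, last_review: date):
    """Return ({software name: status}, whether the monthly review was missed)."""
    statuses = {e.name: classify(e, today) for e in inventory}
    return statuses, review_overdue(last_review, today)

# Constructed sample inventory; only the QuickBooks date is taken from the post.
INVENTORY = [
    SoftwareEntry("QuickBooks Desktop 2020", date(2023, 5, 31)),
    SoftwareEntry("Legacy LOB app (hypothetical)", date(2021, 12, 31),
                  exception_doc="EXC-EXAMPLE-001"),
    SoftwareEntry("Office suite (hypothetical)", None),
    SoftwareEntry("Accounting add-on (hypothetical)", date(2023, 8, 15)),
]

if __name__ == "__main__":
    statuses, overdue = run_review(INVENTORY, date(2023, 6, 30), date(2023, 5, 15))
    for name, status in statuses.items():
        print(f"{name}: {status}")
    print("monthly review overdue:", overdue)
```

Anything reported as unauthorized needs either a supported replacement or a written exception before the next review.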

Continue to follow the #CyberEducationMonth tag and learn other Educational Tips and Tricks on keeping your network and data secure.

Join the conversation on LinkedIn - https://www.linkedin.com/posts/scottrdavispa_ciscontrols-cybersecurity-safeguards-activity-7069718527959552001-oKYh?utm_source=share&utm_medium=member_desktop