Cyber Essentials (Basic)

Cyber Essentials (Basic) is a foundational cybersecurity certification that helps organizations protect against common cyber threats. It is a self-assessment certification designed to ensure that essential security controls are in place.

Controls:

Boundary Firewalls and Internet Gateways

  • Firewall Policies and Rules - CE.1.1

    Establish and maintain firewall policies to protect the network perimeter

  • Secure Configuration of Firewall Devices - CE.1.2

    Configure firewall devices securely, changing default passwords and disabling unnecessary services

Secure Configuration

  • Secure Configuration for End-User Devices - CE.2.1

    Implement secure configurations for all end-user devices (e.g. laptops, desktops, mobile devices)

  • Secure Configuration for Network Devices - CE.2.2

    Implement secure configurations for all network devices (e.g. routers, switches)

  • Removal or Disabling of Unnecessary Software - CE.2.3

    Remove or disable any unnecessary software from systems and devices

User Access Control

  • Principle of Least Privilege - CE.3.1

    Apply the principle of least privilege to user accounts, granting only the necessary access rights

  • Strong Authentication - CE.3.2

    Use strong authentication methods for user accounts, including strong passwords and multi-factor authentication where appropriate

  • Account Management - CE.3.3

    Implement proper account management processes for creating, managing and disabling user accounts

Malware Protection

  • Anti-Malware Software - CE.4.1

    Deploy and maintain up-to-date anti-malware software on all systems and devices

  • Preventing Execution of Malicious Code - CE.4.2

    Implement measures to prevent the execution of known malicious code

Security Update Management

  • Patch Management Policy - CE.5.1

    Establish and maintain a policy for managing security updates and patches

  • Timely Application of Security Updates - CE.5.2

    Apply security updates and patches to all software and operating systems in a timely manner

  • Management of End-of-Life Software - CE.5.3

    Identify and manage end-of-life (EOL) software, either by upgrading or removing it