CSCv7|1.4

Title

Maintain Detailed Asset Inventory

Description

Maintain an accurate and up-to-date inventory of all technology assets with the potential to store or process information. This inventory shall include all hardware assets, whether connected to the organization's network or not.

Reference Item Details

Reference: CIS Critical Security Controls v7

Category: Inventory and Control of Hardware Assets

Audit Items

View all Reference Audit Items

Name	Plugin	Audit Name
2.2 Ensure system configuration is documented and verified regularly	Unix	CIS IBM AIX 7 v1.0.0 L1
2.13 Ensure Cloud Asset Inventory Is Enabled	GCP	CIS Google Cloud Platform v3.0.0 L1
3.3 Ensure AWS Config is enabled in all regions	amazon_aws	CIS Amazon Web Services Foundations v4.0.1 L2
4.9 Ensure AWS Config configuration changes are monitored	amazon_aws	CIS Amazon Web Services Foundations v4.0.1 L2
4.9 Ensure the latest iOS device architecture is used by high-value targets	MDM	MobileIron - CIS Apple iOS 18 v1.0.0 L2 End User Owned
4.9 Ensure the latest iOS device architecture is used by high-value targets	MDM	AirWatch - CIS Apple iPadOS 18 v1.0.0 L2 End User Owned
4.9 Ensure the latest iOS device architecture is used by high-value targets	MDM	AirWatch - CIS Apple iPadOS 17 v1.1.0 End User Owned L2
4.9 Ensure the latest iOS device architecture is used by high-value targets	MDM	AirWatch - CIS Apple iPadOS 17 Institutionally Owned L2
4.9 Ensure the latest iOS device architecture is used by high-value targets	MDM	AirWatch - CIS Apple iOS 18 v1.0.0 L2 End User Owned
4.9 Ensure the latest iOS device architecture is used by high-value targets	MDM	MobileIron - CIS Apple iPadOS 17 Institutionally Owned L2
4.9 Ensure the latest iOS device architecture is used by high-value targets	MDM	MobileIron - CIS Apple iOS 18 v1.0.0 L2 Institution Owned
4.9 Ensure the latest iOS device architecture is used by high-value targets	MDM	AirWatch - CIS Apple iPadOS 18 v1.0.0 L2 Institutionally Owned
4.9 Ensure the latest iOS device architecture is used by high-value targets	MDM	MobileIron - CIS Apple iPadOS 18 v1.0.0 L2 Institutionally Owned
4.9 Ensure the latest iOS device architecture is used by high-value targets	MDM	MobileIron - CIS Apple iPadOS 17 v1.1.0 End User Owned L2
4.9 Ensure the latest iOS device architecture is used by high-value targets	MDM	AirWatch - CIS Apple iOS 17 Institution Owned L2
4.9 Ensure the latest iOS device architecture is used by high-value targets	MDM	MobileIron - CIS Apple iOS 17 Institution Owned L2
4.9 Ensure the latest iOS device architecture is used by high-value targets	MDM	AirWatch - CIS Apple iOS 17 v1.1.0 End User Owned L2
4.9 Ensure the latest iOS device architecture is used by high-value targets	MDM	MobileIron - CIS Apple iOS 17 v1.1.0 End User Owned L2
4.9 Ensure the latest iOS device architecture is used by high-value targets	MDM	MobileIron - CIS Apple iPadOS 18 v1.0.0 L2 End User Owned
4.9 Ensure the latest iOS device architecture is used by high-value targets	MDM	AirWatch - CIS Apple iOS 18 v1.0.0 L2 Institution Owned
18.9.24.1 (BL) Ensure 'Enumeration policy for external devices incompatible with Kernel DMA Protection' is set to 'Enabled: Block All'	Windows	CIS Microsoft Windows 11 Enterprise v4.0.0 L2 BitLocker
18.9.24.1 (BL) Ensure 'Enumeration policy for external devices incompatible with Kernel DMA Protection' is set to 'Enabled: Block All'	Windows	CIS Microsoft Windows 11 Enterprise v4.0.0 BitLocker
18.9.24.1 (BL) Ensure 'Enumeration policy for external devices incompatible with Kernel DMA Protection' is set to 'Enabled: Block All'	Windows	CIS Microsoft Windows 11 Enterprise v4.0.0 L1 BitLocker
18.9.24.1 (BL) Ensure 'Enumeration policy for external devices incompatible with Kernel DMA Protection' is set to 'Enabled: Block All'	Windows	CIS Microsoft Windows 10 Enterprise v3.0.0 L1 + BL
18.9.24.1 (BL) Ensure 'Enumeration policy for external devices incompatible with Kernel DMA Protection' is set to 'Enabled: Block All'	Windows	CIS Microsoft Windows 10 Enterprise v3.0.0 BL
18.9.24.1 (BL) Ensure 'Enumeration policy for external devices incompatible with Kernel DMA Protection' is set to 'Enabled: Block All'	Windows	CIS Microsoft Windows 10 Stand-alone v3.0.0 BL
18.9.24.1 (BL) Ensure 'Enumeration policy for external devices incompatible with Kernel DMA Protection' is set to 'Enabled: Block All'	Windows	CIS Microsoft Windows 10 Stand-alone v3.0.0 L1 BL
18.9.24.1 (BL) Ensure 'Enumeration policy for external devices incompatible with Kernel DMA Protection' is set to 'Enabled: Block All'	Windows	CIS Microsoft Windows 10 Stand-alone v3.0.0 L1 BL NG
18.9.24.1 (BL) Ensure 'Enumeration policy for external devices incompatible with Kernel DMA Protection' is set to 'Enabled: Block All'	Windows	CIS Microsoft Windows 11 Stand-alone v3.0.0 L1 + BL
18.9.24.1 (BL) Ensure 'Enumeration policy for external devices incompatible with Kernel DMA Protection' is set to 'Enabled: Block All'	Windows	CIS Microsoft Windows 10 Stand-alone v3.0.0 L2 BL NG
18.9.24.1 (BL) Ensure 'Enumeration policy for external devices incompatible with Kernel DMA Protection' is set to 'Enabled: Block All'	Windows	CIS Microsoft Windows 11 Stand-alone v3.0.0 BL
18.9.24.1 (BL) Ensure 'Enumeration policy for external devices incompatible with Kernel DMA Protection' is set to 'Enabled: Block All'	Windows	CIS Microsoft Windows 10 Enterprise v3.0.0 L1 + BL + NG
18.9.24.1 (BL) Ensure 'Enumeration policy for external devices incompatible with Kernel DMA Protection' is set to 'Enabled: Block All'	Windows	CIS Microsoft Windows 10 Enterprise v3.0.0 L2 + BL
18.9.24.1 (BL) Ensure 'Enumeration policy for external devices incompatible with Kernel DMA Protection' is set to 'Enabled: Block All'	Windows	CIS Microsoft Windows 10 Enterprise v3.0.0 L2 + BL + NG
18.9.24.1 (BL) Ensure 'Enumeration policy for external devices incompatible with Kernel DMA Protection' is set to 'Enabled: Block All'	Windows	CIS Microsoft Windows 10 Stand-alone v3.0.0 L2 BL
18.9.24.1 (L1) Ensure 'Enumeration policy for external devices incompatible with Kernel DMA Protection' is set to 'Enabled: Block All'	Windows	CIS Microsoft Windows Server 2025 v1.0.0 L1 DC
18.9.24.1 (L1) Ensure 'Enumeration policy for external devices incompatible with Kernel DMA Protection' is set to 'Enabled: Block All'	Windows	CIS Microsoft Windows Server 2019 v3.0.1 L1 DC
18.9.24.1 (L1) Ensure 'Enumeration policy for external devices incompatible with Kernel DMA Protection' is set to 'Enabled: Block All'	Windows	CIS Microsoft Windows Server 2019 v3.0.1 L1 MS
18.9.24.1 (L1) Ensure 'Enumeration policy for external devices incompatible with Kernel DMA Protection' is set to 'Enabled: Block All'	Windows	CIS Microsoft Windows Server 2019 Stand-alone v2.0.0 L1 MS
18.9.24.1 (L1) Ensure 'Enumeration policy for external devices incompatible with Kernel DMA Protection' is set to 'Enabled: Block All'	Windows	CIS Microsoft Windows Server 2025 v1.0.0 L1 MS
18.9.24.1 (L1) Ensure 'Enumeration policy for external devices incompatible with Kernel DMA Protection' is set to 'Enabled: Block All'	Windows	CIS Microsoft Windows Server 2022 v3.0.0 L1 Domain Controller
18.9.24.1 (L1) Ensure 'Enumeration policy for external devices incompatible with Kernel DMA Protection' is set to 'Enabled: Block All'	Windows	CIS Microsoft Windows 10 EMS Gateway v3.0.0 L1
18.9.24.1 (L1) Ensure 'Enumeration policy for external devices incompatible with Kernel DMA Protection' is set to 'Enabled: Block All'	Windows	CIS Microsoft Windows Server 2022 v3.0.0 L1 Member Server
18.9.24.1 Ensure 'Enumeration policy for external devices incompatible with Kernel DMA Protection' is set to 'Enabled: Block All'	Windows	CIS Microsoft Windows Server 2019 STIG v3.0.0 L1 MS
18.9.24.1 Ensure 'Enumeration policy for external devices incompatible with Kernel DMA Protection' is set to 'Enabled: Block All'	Windows	CIS Microsoft Windows Server 2022 STIG v2.0.0 L1 Domain Controller
18.9.24.1 Ensure 'Enumeration policy for external devices incompatible with Kernel DMA Protection' is set to 'Enabled: Block All'	Windows	CIS Microsoft Windows Server 2022 STIG v2.0.0 L1 Member Server
18.9.24.1 Ensure 'Enumeration policy for external devices incompatible with Kernel DMA Protection' is set to 'Enabled: Block All'	Windows	CIS Microsoft Windows Server 2019 STIG v3.0.0 L1 DC
86.1.4 (BL) Ensure 'Enumeration policy for external devices incompatible with Kernel DMA Protection' is set to 'Enabled: Block All'	Windows	CIS Microsoft Intune for Windows 11 v3.0.1 BitLocker (BL)
86.1.4 (BL) Ensure 'Enumeration policy for external devices incompatible with Kernel DMA Protection' is set to 'Enabled: Block All'	Windows	CIS Microsoft Intune for Windows 10 v3.0.1 BitLocker (BL)
CIS Control 1 (1.4) Maintain Detailed Asset Inventory	Unix	CAS Implementation Group 1 Audit File

Detections

Analytics

CSCv7|1.4

Title

Description

Reference Item Details

Audit Items