CSCv7|1.4

Title

Maintain Detailed Asset Inventory

Description

Maintain an accurate and up-to-date inventory of all technology assets with the potential to store or process information. This inventory shall include all hardware assets, whether connected to the organization's network or not.

Reference Item Details

Reference: CIS Critical Security Controls v7

Category: Inventory and Control of Hardware Assets

Audit Items

View all Reference Audit Items

Name	Plugin	Audit Name
2.1 Collect system configuration regularly	Unix	CIS IBM AIX 7.2 L1 v1.1.0
2.13 Ensure Cloud Asset Inventory Is Enabled	GCP	CIS Google Cloud Platform v2.0.0 L1
3.5 Ensure AWS Config is enabled in all regions - 'Include global resources'	amazon_aws	CIS Amazon Web Services Foundations L2 2.0.0
3.5 Ensure AWS Config is enabled in all regions - 'Record all resources supported in this region'	amazon_aws	CIS Amazon Web Services Foundations L2 2.0.0
3.5 Ensure AWS Config is enabled in all regions - 'Recording Status'	amazon_aws	CIS Amazon Web Services Foundations L2 2.0.0
3.5 Ensure AWS Config is enabled in all regions - 'Review defined S3 Bucket'	amazon_aws	CIS Amazon Web Services Foundations L2 2.0.0
3.5 Ensure AWS Config is enabled in all regions - 'Review defined SNS Topic'	amazon_aws	CIS Amazon Web Services Foundations L2 2.0.0
4.9 Ensure AWS Config configuration changes are monitored	amazon_aws	CIS Amazon Web Services Foundations L2 2.0.0
18.8.26.1 Ensure 'Enumeration policy for external devices incompatible with Kernel DMA Protection' is set to 'Enabled: Block All'	Windows	CIS Microsoft Windows Server 2019 STIG DC L1 v1.0.1
18.8.26.1 Ensure 'Enumeration policy for external devices incompatible with Kernel DMA Protection' is set to 'Enabled: Block All'	Windows	CIS Microsoft Windows Server 2019 STIG MS L1 v1.0.1
18.9.24.1 Ensure 'Enumeration policy for external devices incompatible with Kernel DMA Protection' is set to 'Enabled: Block All'	Windows	CIS Microsoft Windows 11 Enterprise v2.0.0 L2 + BL
18.9.24.1 Ensure 'Enumeration policy for external devices incompatible with Kernel DMA Protection' is set to 'Enabled: Block All'	Windows	CIS Microsoft Windows 11 Enterprise v2.0.0 L1 + BL
18.9.24.1 Ensure 'Enumeration policy for external devices incompatible with Kernel DMA Protection' is set to 'Enabled: Block All'	Windows	CIS Microsoft Windows 10 Enterprise v2.0.0 L1 + BL + NG
18.9.24.1 Ensure 'Enumeration policy for external devices incompatible with Kernel DMA Protection' is set to 'Enabled: Block All'	Windows	CIS Microsoft Windows 11 Enterprise v2.0.0 BL
18.9.24.1 Ensure 'Enumeration policy for external devices incompatible with Kernel DMA Protection' is set to 'Enabled: Block All'	Windows	CIS Microsoft Windows 10 Enterprise v2.0.0 BL
18.9.24.1 Ensure 'Enumeration policy for external devices incompatible with Kernel DMA Protection' is set to 'Enabled: Block All'	Windows	CIS Microsoft Windows 10 Enterprise v2.0.0 L2 + BL
18.9.24.1 Ensure 'Enumeration policy for external devices incompatible with Kernel DMA Protection' is set to 'Enabled: Block All'	Windows	CIS Microsoft Windows 10 Enterprise v2.0.0 L2 + BL + NG
18.9.24.1 Ensure 'Enumeration policy for external devices incompatible with Kernel DMA Protection' is set to 'Enabled: Block All'	Windows	CIS Microsoft Windows 10 Enterprise v2.0.0 L1 + BL
18.9.24.1 Ensure 'Enumeration policy for external devices incompatible with Kernel DMA Protection' is set to 'Enabled: Block All'	Windows	CIS Microsoft Windows 10 EMS Gateway v2.0.0 L1
18.9.24.1 Ensure 'Enumeration policy for external devices incompatible with Kernel DMA Protection' is set to 'Enabled: Block All' - Enabled: Block All	Windows	CIS Microsoft Windows 10 Stand-alone v2.0.0 L2 + BL
18.9.24.1 Ensure 'Enumeration policy for external devices incompatible with Kernel DMA Protection' is set to 'Enabled: Block All' - Enabled: Block All	Windows	CIS Microsoft Windows Server 2022 v2.0.0 L1 MS
18.9.24.1 Ensure 'Enumeration policy for external devices incompatible with Kernel DMA Protection' is set to 'Enabled: Block All' - Enabled: Block All	Windows	CIS Microsoft Windows Server 2019 MS L1 v2.0.0
18.9.24.1 Ensure 'Enumeration policy for external devices incompatible with Kernel DMA Protection' is set to 'Enabled: Block All' - Enabled: Block All	Windows	CIS Microsoft Windows 10 Stand-alone v2.0.0 L1 + BL + NG
18.9.24.1 Ensure 'Enumeration policy for external devices incompatible with Kernel DMA Protection' is set to 'Enabled: Block All' - Enabled: Block All	Windows	CIS Microsoft Windows 11 Stand-alone v2.0.0 L1 + BL
18.9.24.1 Ensure 'Enumeration policy for external devices incompatible with Kernel DMA Protection' is set to 'Enabled: Block All' - Enabled: Block All	Windows	CIS Microsoft Windows Server 2022 v2.0.0 L1 DC
18.9.24.1 Ensure 'Enumeration policy for external devices incompatible with Kernel DMA Protection' is set to 'Enabled: Block All' - Enabled: Block All	Windows	CIS Microsoft Windows 11 Stand-alone v2.0.0 L2 + BL
18.9.24.1 Ensure 'Enumeration policy for external devices incompatible with Kernel DMA Protection' is set to 'Enabled: Block All' - Enabled: Block All	Windows	CIS Microsoft Windows 11 Stand-alone v2.0.0 BL
18.9.24.1 Ensure 'Enumeration policy for external devices incompatible with Kernel DMA Protection' is set to 'Enabled: Block All' - Enabled: Block All	Windows	CIS Microsoft Windows 10 Stand-alone v2.0.0 L2 + BL + NG
18.9.24.1 Ensure 'Enumeration policy for external devices incompatible with Kernel DMA Protection' is set to 'Enabled: Block All' - Enabled: Block All	Windows	CIS Microsoft Windows 10 Stand-alone v2.0.0 BL
18.9.24.1 Ensure 'Enumeration policy for external devices incompatible with Kernel DMA Protection' is set to 'Enabled: Block All' - Enabled: Block All	Windows	CIS Microsoft Windows 10 Stand-alone v2.0.0 L1 + BL
18.9.24.1 Ensure 'Enumeration policy for external devices incompatible with Kernel DMA Protection' is set to 'Enabled: Block All' - Enabled: Block All	Windows	CIS Microsoft Windows Server 2019 DC L1 v2.0.0
18.9.24.1 Ensure 'Enumeration policy for external devices incompatible with Kernel DMA Protection' is set to 'Enabled: Block All' - Enabled: Block All	Windows	CIS Microsoft Windows Server 2019 Standalone DC L1 vCIS Microsoft Windows Server 2019 Standalone DC L1 v1.0.0
18.9.24.1 Ensure 'Enumeration policy for external devices incompatible with Kernel DMA Protection' is set to 'Enabled: Block All' - Enabled: Block All	Windows	CIS Microsoft Windows Server 2019 MS Standalone L1 v1.0.0
18.9.26.1 Ensure 'Enumeration policy for external devices incompatible with Kernel DMA Protection' is set to 'Enabled: Block All'	Windows	CIS Microsoft Intune for Windows 10 v2.0.0 L2 + BL
18.9.26.1 Ensure 'Enumeration policy for external devices incompatible with Kernel DMA Protection' is set to 'Enabled: Block All'	Windows	CIS Microsoft Intune for Windows 10 v2.0.0 L2 + BL + NG
18.9.26.1 Ensure 'Enumeration policy for external devices incompatible with Kernel DMA Protection' is set to 'Enabled: Block All'	Windows	CIS Microsoft Intune for Windows 11 v2.0.0 BitLocker
18.9.26.1 Ensure 'Enumeration policy for external devices incompatible with Kernel DMA Protection' is set to 'Enabled: Block All'	Windows	CIS Microsoft Intune for Windows 10 v2.0.0 L1 + BL
18.9.26.1 Ensure 'Enumeration policy for external devices incompatible with Kernel DMA Protection' is set to 'Enabled: Block All'	Windows	CIS Microsoft Intune for Windows 10 v2.0.0 Bitlocker
18.9.26.1 Ensure 'Enumeration policy for external devices incompatible with Kernel DMA Protection' is set to 'Enabled: Block All'	Windows	CIS Microsoft Intune for Windows 11 v2.0.0 L1 + BL
18.9.26.1 Ensure 'Enumeration policy for external devices incompatible with Kernel DMA Protection' is set to 'Enabled: Block All'	Windows	CIS Microsoft Intune for Windows 11 v2.0.0 L1 + BL + NG
18.9.26.1 Ensure 'Enumeration policy for external devices incompatible with Kernel DMA Protection' is set to 'Enabled: Block All'	Windows	CIS Microsoft Intune for Windows 10 v2.0.0 L1 + BL + NG
18.9.26.1 Ensure 'Enumeration policy for external devices incompatible with Kernel DMA Protection' is set to 'Enabled: Block All'	Windows	CIS Microsoft Intune for Windows 11 v2.0.0 L2 + BL + NG
18.9.26.1 Ensure 'Enumeration policy for external devices incompatible with Kernel DMA Protection' is set to 'Enabled: Block All'	Windows	CIS Microsoft Intune for Windows 11 v2.0.0 L2 + BL
CIS Control 1 (1.4) Maintain Detailed Asset Inventory	Unix	CAS Implementation Group 1 Audit File

Detections

Analytics

CSCv7|1.4

Title

Description

Reference Item Details

Audit Items