CIS Controls v8 · Control 4: Secure Configuration of Assets and Software
4.1 Establish and maintain a secure configuration process
Establish and maintain a secure configuration process for enterprise assets and software.
Mapped across 10 provisions
Equivalent and related requirements in other frameworks and regulations.
- ISO 27001EquivalentOfficial mapping
Source: CIS Controls v8 / ISO/IEC 27001
A.8.9 Configuration managementSecure configuration & hardening
- NIST CSF 2.0EquivalentOfficial mapping
Source: CIS Controls v8 / NIST CSF 2.0
PR.PS-01 Configuration management practices establishedSecure configuration & hardening
- Cyber EssentialsEquivalentCuratedCE-2 Secure configuration
Secure configuration & hardening
- Cyber EssentialsPartialCuratedCE-1 Firewalls
Secure configuration & hardening
- Essential EightPartialCuratedE8-5 Application control
Secure configuration & hardening
- Essential EightPartialCuratedE8-6 Restrict Microsoft Office macros
Secure configuration & hardening
- Essential EightPartialCuratedE8-7 User application hardening
Secure configuration & hardening
- NIST 800-171EquivalentCurated3.4.2 Establish and enforce security configuration settings
Secure configuration & hardening
- NIST 800-53EquivalentCuratedCM-6 Configuration settings
Secure configuration & hardening
- PCI DSSEquivalentCuratedReq. 2 Apply secure configurations to all system components
Secure configuration & hardening