The Center for Internet Security (CIS) has several program areas, of which CimTrak is uniquely aligned to support, promote and implement solutions that utilize and leverage the CIS Controls and CIS Benchmarks. CimTrak has aligned with CIS to provide a certified solution set that has full and partial overages for many of the 20 controls.
CimTrak's compliance scanning engine is recognized by the National Institute of Standards and Technology (NIST) as a Security Content Automation Protocol(SCAP) validated module, with certification to perform SCAP 1.2 compatible assessments.
Source: Center for Internet Security: CIS Controls™
CimTrak allows the user to run discovery scans to see what assets are present and then determine if those assets are known, understood and expected to be permissible on the network.
Within CimTrak a user can setup a User/Process whitelist to control who/what makes changes to specific files, or even to ignore change events from these users/processes.
CimTrak in real-time will track, report on and correct the security configuration of mobile devices, laptops, servers, workstations, point-of sale devices, and databases using a configuration management and change control process in order to prevent attackers from exploiting vulnerable services and settings.
CimTrak will collect, manage, and analyze audit logs of events that could help detect, understand, or recover from an attack.
CimTrak will continuously acquire, assess, and take action on information in order to identify vulnerabilities, remediate, and minimize the window of opportunity for attackers.
CimTrak Flex Module allows the ability to monitor the output of any command or script. For Control 9 which is looking to monitor the required ports that should be opened or closed, Flex can be used to monitor commands such as “netstat” to keep an inventory of the ports on each server and ensure what is there is what is required.
CimTrak can be used for data recovery for critical system files or critical application files to quickly revert files back to your set baseline should anything occur such as ransomware. (only the directories configured by the user).
CimTrak can monitor devices such as routers, switches, firewalls for changes and keep baselines of their configuration files with roll-back capability if needed. This allows easy management to determine if the configuration for these devices are changing with an ability to compare the network devices to a golden image.
CimTrak can monitor attempts to access and change accounts through hashing algorithms and audit logging.
CimTrak can be used to establish a process to accept and address reports of software vulnerabilities and provide a means to contact your security group. Furthermore, for applications that rely on a database, CimTrak will utilize industry best practices that provide standard hardening configuration templates.
Incident Response and Management CimTrak can report and publish information for all workforce members, regarding reporting computer anomalies and incidents to the incident handling team.
To learn more about CIS Controls™ and best practices with CimTrak, download the solution brief today.