Comments (4)

adammontville commented on September 18, 2024

Rough proposal

Input1) Endpoint inventory

Test1) Refine endpoint inventory to the set of endpoints supporting anti-malware (M1)
Test2) Determine set of endpoints actually having anti-malware (M2)
Test3) Endpoints supporting anti-malware (M1) configured to automatically scan removable media (M3)

M1: Number of endpoints supporting anti-malware
M2: Number of endpoints without anti-malware that should have anti-malware
M3: Number of appropriately configured endpoints
M4: Total number of anti-malware eligible endpoints (M1+M2)

Metric:
Coverage: (M4 - M3) / M4

Question: Some endpoints not supporting anti-malware software may support removable devices (i.e. network devices) - do we include these or simply mention the fact that not all removable media is addressable in this sub-control?

from cis-controls-71-measures.

apiperCIS commented on September 18, 2024
  1. We should probably include a description to clarify terms like "supporting anti-malware" vs. "having anti-malware"
  2. Should proper configuration of the anti-malware to scan removable media be listed as an input?

from cis-controls-71-measures.

wmunyan commented on September 18, 2024

Inputs:

  • The list of endpoints
  • The desired configuration setting - A "scan task" implementing automated scanning of removable media

Metric becomes # of endpoints implementing desired configuration

from cis-controls-71-measures.

apiperCIS commented on September 18, 2024

Inputs

  1. Endpoint inventory (with entry for each endpoint indicating whether that endpoint can support anti-malware software or not)
  2. Desired anti-malware configuration (to automatically scan removable media when inserted/connected)
    Assumption: Some endpoints, such as network devices, may not support anti-malware software. Whether an endpoint supports anti-malware software is provided as part of Input 1. Devices that cannot support anti-malware software are removed from the list of endpoints to be checked during Operation 1, and these devices are not counted in the metric below.

Operations

  1. Refine the endpoint inventory (Input 1) to only contain endpoints that can support anti-malware software - this reduced list of endpoints becomes M1
  2. Of the set of endpoints that can support anti-malware software (M1), generate a list of those endpoints that actually have anti-malware software installed, enabled, and adhere to the configuration specified in Input 2 (M2) and a list of the endpoints that do not adhere to the specified configuration (M3). Note: Endpoints in M1 that do not have anti-malware installed and enabled are considered non-compliant and added to M3.

Measures
M1: List of endpoints capable of supporting anti-malware software
M2: List of endpoints with anti-malware software installed, enabled, and properly configured to scan removable media (compliant list)
M3: List of endpoints not adhering to the specified configuration (non-compliant list)
M4: Number of endpoints in M1 (number of endpoints capable of supporting anti-malware software)
M5: Number of endpoints in M2 (number of compliant endpoints)

Metric:
Coverage: M5 / M4

Question: If M4 is 0 (there are no endpoints capable of supporting anti-malware software), assume improper inputs and the metric results in a 0? Or, should this default to a 1 score if there are no endpoints capable of supporting anti-malware software?

from cis-controls-71-measures.
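
The inputs, operations and measures from the comment above, worked through on a small inventory as an added example (not code from the issue thread or the CIS project). The field names, the sample hosts and the `empty_score` parameter are assumptions; the M4 = 0 case is left to the caller because the thread leaves it open.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Endpoint:
    name: str
    supports_am: bool              # Input 1: can this endpoint run anti-malware?
    installed: bool = False        # anti-malware present
    enabled: bool = False          # anti-malware running
    scans_removable: bool = False  # Input 2: auto-scan removable media on insert


def is_compliant(e: Endpoint) -> bool:
    # Operation 2: installed, enabled, and matching the desired configuration.
    return e.installed and e.enabled and e.scans_removable


def measure(inventory, empty_score: Optional[float] = None) -> dict:
    m1 = [e for e in inventory if e.supports_am]      # Operation 1
    m2 = [e for e in m1 if is_compliant(e)]           # compliant list
    m3 = [e for e in m1 if not is_compliant(e)]       # non-compliant list
    m4, m5 = len(m1), len(m2)
    # M4 == 0 is the open question in the thread; the caller picks the value
    # (None = undefined) instead of this function silently choosing 0 or 1.
    coverage = m5 / m4 if m4 else empty_score
    return {"M1": [e.name for e in m1], "M2": [e.name for e in m2],
            "M3": [e.name for e in m3], "M4": m4, "M5": m5,
            "coverage": coverage}


# Constructed sample inventory (hypothetical hosts).
INVENTORY = [
    Endpoint("ws-01", True, True, True, True),
    Endpoint("ws-02", True, True, True, False),   # no removable-media scan task
    Endpoint("lt-03", True, True, False, True),   # installed but disabled
    Endpoint("srv-01", True),                     # no anti-malware at all
    Endpoint("ws-04", True, True, True, True),
    Endpoint("sw-core-01", False),                # network device, excluded
]

if __name__ == "__main__":
    for key, value in measure(INVENTORY).items():
        print(f"{key}: {value}")
```

The non-compliant list (M3) is the actionable output: it names the endpoints that need the scan task deployed or the agent installed or re-enabled.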
