CISA Cybersecurity Performance Goals: Device Security Controls
Controls that ensure devices are inventoried, hardened, segmented, and protected against malware and unauthorized use.
Device Security
An inventory of authorized hardware and software assets is maintained
You cannot protect what you do not know exists. An asset inventory is the foundation of every other ...
Devices are configured securely with hardened baselines
Default device configurations are designed for ease of setup, not security. Default credentials, unn...
Network segmentation isolates critical systems
A flat network where every device can reach every other device means that compromising one endpoint ...
Endpoint detection and response (EDR) is deployed on all managed devices
Antivirus alone is no longer sufficient against modern threats. Endpoint Detection and Response (EDR...
Critical and high CVEs are patched within 14 days; all others within 30 days
The majority of successful compromises exploit vulnerabilities that already have patches available. ...
Full-disk encryption is enforced on all endpoints and portable storage
Laptops and portable drives are lost and stolen constantly. Without disk encryption, anyone who obta...