11.1: Maintain Standard Security Configurations for Network Devices
Maintain documented security configuration standards for all authorized network devices.
| Asset Type | Security Function | Implementation Groups |
|---|---|---|
| Network | Identify | 2, 3 |
Dependencies
Sub-control 1.4: Maintain Detailed Asset Inventory
Sub-control 1.5: Maintain Asset Inventory Information
Inputs
The list of authorized network devices, per Control 1.
The list of enterprise security configuration standards.
Assumption
Documentation of secure configuration standards should include any approved deviations/exceptions from industry-standard security baselines such as CIS benchmarks, DISA Security Technical Implementation Guides (STIGs), or U.S. government configuration baselines (USGCB).
Operations
Perform a set calculation, computing the intersection (M1) of Input 1 and Input 2.
Measures
M1 = The intersection of Input 1 and Input 2. This intersection measures those authorized network devices with security configuration standards.
M2 = The “left” side of the set calculation measures the number of authorized network devices without security configuration standards.
M3 = The “right” side of the set calculation measures the number of security configuration standards without any authorized network devices to which they are associated.
M4 = Count of authorized network devices.
Metrics
Coverage
| Metric | The ratio of network devices for which standard, documented security configuration standards exist to the total number of network devices |
|---|---|
| Calculation | |
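
The set calculation and coverage ratio described above, as an added example that is not part of the original specification. It assumes devices and standards are joined on a platform label; the hostnames, platform names and standard IDs are constructed sample data, and coverage is computed as the Metric row words it (devices with a standard over all authorized devices).

```python
# Constructed sample data; hostnames, platform labels and standard IDs are hypothetical.
AUTHORIZED_DEVICES = [  # Input 1: authorized network devices (per Control 1)
    {"hostname": "core-sw-01", "platform": "Cisco IOS"},
    {"hostname": "core-sw-02", "platform": "cisco ios "},  # inconsistent spelling
    {"hostname": "edge-fw-01", "platform": "PAN-OS"},
    {"hostname": "wlc-01", "platform": "ArubaOS"},
]
CONFIG_STANDARDS = [  # Input 2: enterprise security configuration standards
    {"id": "STD-NET-001", "platform": "Cisco IOS"},
    {"id": "STD-NET-002", "platform": "PAN-OS"},
    {"id": "STD-NET-003", "platform": "Junos"},
]


def _key(platform):
    """Normalize the join key so inventory spelling differences do not hide a match."""
    return " ".join(platform.split()).casefold()


def measure(devices, standards):
    """Return M1-M4 and the coverage ratio for sub-control 11.1."""
    standard_platforms = {_key(s["platform"]) for s in standards}
    device_platforms = {_key(d["platform"]) for d in devices}

    # M1: authorized devices that have a documented configuration standard.
    m1 = sorted(d["hostname"] for d in devices
                if _key(d["platform"]) in standard_platforms)
    # M2 ("left" side): authorized devices without a standard.
    m2 = sorted(d["hostname"] for d in devices
                if _key(d["platform"]) not in standard_platforms)
    # M3 ("right" side): standards with no authorized device associated.
    m3 = sorted(s["id"] for s in standards
                if _key(s["platform"]) not in device_platforms)
    # M4: count of authorized devices.
    m4 = len(devices)
    # The ratio is undefined for an empty inventory, so report None instead of dividing.
    coverage = len(m1) / m4 if m4 else None
    return {"M1": m1, "M2": m2, "M3": m3, "M4": m4, "coverage": coverage}


if __name__ == "__main__":
    for name, value in measure(AUTHORIZED_DEVICES, CONFIG_STANDARDS).items():
        print(f"{name}: {value}")
```

The M2 and M3 lists are the follow-up work: devices that still need a standard, and standards that may be stale or point to devices missing from the inventory.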