CIS Controls Assessment Specification for Controls v7.1

11.4: Install the Latest Stable Version of Any Security-Related Updates on All Network Devices

Install the latest stable version of any security-related updates on all network devices.

Asset Type: Network

Security Function: Protect

Implementation Groups: 1, 2, 3

Dependencies

  • Sub-control 1.4: Maintain Detailed Asset Inventory

  • Sub-control 1.5: Maintain Asset Inventory Information

Inputs

  1. Network device inventory, derived from the endpoint inventory (see sub-control 1.4)

  2. Network device version information (this is a list of acceptable versions for each model of network device in Input 1; this version information needs to be updated frequently to reflect current version information and age off outdated versions)

Operations

  1. For each network device in Input 1, compare the network device’s version to the allowable versions from Input 2.

  2. Generate a list of those network devices that match an allowable version (M1).

  3. Generate a list of those network devices that do not match an allowable version (M2).

Measures

  • M1 = List of network devices

  • M2 = Count of M1

  • M3 = List of network devices that match an allowable version (compliant list)

  • M4 = Count of M3

  • M5 = List of network devices that do not match an allowable version (non-compliant list)

  • M6 = Count of M5

Metrics

Coverage

Metric: What percentage of inventoried network devices match the allowable version for that device/OS?

Calculation: If M2 > 0, then M4 / M2; otherwise 0
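
The procedure above as an added Python example, not part of the CIS specification; it follows the numbering in the Measures section (M1 to M6). The `Device` type, the `assess` function, the sample inventory and the string normalization are assumptions made for illustration, and `unlisted_models` is an extra output the specification does not define.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Device:
    hostname: str
    model: str
    version: str

def _norm(version):
    # Assumption: versions compare as case-insensitive strings after trimming.
    return version.strip().lower()

def assess(inventory, allowable):
    """Return measures M1-M6 and the coverage metric for sub-control 11.4.

    inventory: iterable of Device (Input 1)
    allowable: dict of model -> iterable of acceptable versions (Input 2)
    """
    accepted = {model: {_norm(v) for v in versions} for model, versions in allowable.items()}
    m1 = list(inventory)
    m3, m5, unlisted = [], [], set()
    for dev in m1:
        if dev.model not in accepted:
            # No entry in Input 2: the device cannot match an allowable version.
            unlisted.add(dev.model)
        if _norm(dev.version) in accepted.get(dev.model, set()):
            m3.append(dev)
        else:
            m5.append(dev)
    m2, m4, m6 = len(m1), len(m3), len(m5)
    return {
        "M1": m1, "M2": m2, "M3": m3, "M4": m4, "M5": m5, "M6": m6,
        "coverage": m4 / m2 if m2 > 0 else 0,
        # Not a measure in the specification: models Input 2 needs entries for.
        "unlisted_models": sorted(unlisted),
    }

# Constructed sample data; hostnames, models and versions are made up.
INVENTORY = [
    Device("core-rtr-01", "rtr-model-a", "4.2.1"),
    Device("core-rtr-02", "rtr-model-a", "4.1.9"),
    Device("edge-fw-01", "fw-model-b", " 9.0.3 "),
    Device("lab-sw-01", "sw-model-z", "1.0.0"),
]
ALLOWABLE = {"rtr-model-a": ["4.2.1", "4.2.0"], "fw-model-b": ["9.0.3"]}

if __name__ == "__main__":
    result = assess(INVENTORY, ALLOWABLE)
    for dev in result["M5"]:
        print("non-compliant:", dev.hostname, dev.model, dev.version)
    print("coverage:", result["coverage"])
```

A device whose model is absent from Input 2 lands in M5 like any other mismatch; listing those models separately distinguishes an out-of-date device from an out-of-date version list.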

© Copyright 2025, CIS.
