The ThreatLocker® Zero Trust Endpoint Protection platform implements a rigorous deny-by-default, allow-by-exception security approach that gives organizations the ability to set policy-based controls within their environment and mitigate countless cyber threats, including zero-day exploits, invisible network footholds, and malware attacks that result directly from user error.
With the capabilities of the ThreatLocker® Zero Trust Endpoint Protection platform built into their cybersecurity strategy, organizations in any industry around the world can satisfy the requirements of most compliance frameworks and sleep better at night knowing they are protected from the most devastating cyber threats, such as ransomware.
ThreatLocker has shared a free downloadable resource to provide IT professionals with cybersecurity compliance best practices. This article is intended to elaborate and provide a basic overview of the resource.
Complexity in compliance frameworks
Cybersecurity compliance frameworks exist to assist organizations in building robust cybersecurity strategies that will keep them one step ahead of threats. However, each framework is often ambiguous, making it difficult to ensure compliance with the outlined requirements.
Adding to the complexity of interpreting this compliance framework puzzle, individual frameworks are worded differently, even when they target the same underlying technology.
Compliance best practices
Regardless of the compliance framework, there are a set of basic technical controls that organizations should implement to increase their level of security and move towards compliance.
1. Access management solutions
Organizations need a centralized account and access management solution that can inventory all logins, assign each user a unique ID, log all logins, provide role-based access, and enforce least privilege/least access. The account and access management solution should also enforce strong passwords, incorporate an automatic lockout after a specified number of failed login attempts, protect authentication feedback, and disable identifiers after a period of inactivity.
2. Multi-factor authentication
Multi-factor authentication should be implemented and enforced for privileged account logins, remote access logins, and when logging into any Internet-accessible account.
3. Privileged Access Management (PAM)
You should use a privileged access management (PAM) solution to protect administrators and other privileged accounts. All privileged activity should be recorded in a secure central location. Privileged working environments should be separated from non-privileged working environments, and non-privileged working environments should not be able to access privileged ones. Privileged operating environments should not be able to access non-privileged operating environments, the Internet, email, or other web services. The PAM solution should allow privileged accounts to be deactivated after 45 days of inactivity.
4. Remote access management systems
Organizations need a remote access management system that monitors and logs remote access, provides automatic session locking, controls the execution of privileged commands, uses replay-resistant authentication, and uses pattern-hiding session locking that conceals the display once a specified condition is met.
5. Allowlisting
Organizations must implement allowlisting (historically known as whitelisting), which provides an up-to-date software inventory, monitors the activity and integrity of installed software, logs all executions, and can remove or disable unused, unauthorized, and unsupported software, including operating systems. The allowlisting solution should incorporate application containment to prevent the creation of subprocesses and to control the execution of mobile code, software, libraries, and scripts. Any new software should first be deployed in a sandbox environment and evaluated before it is allowed into your organization.
6. Anti-malware solutions
Organizations must implement an anti-malware solution that scans endpoints, web pages and removable media in real time, incorporates automatic definition updates, and prevents connections to malicious websites.
7. Firewall
Organizations should incorporate a firewall solution that uses least privilege, blocks all unnecessary ports and Internet access, logs network activity, and terminates the connection after inactivity or the end of a session.
8. Detection/Prevention Solutions
Organizations should implement an intrusion detection/prevention solution, taking a proactive and reactive approach to their security.
9. Web Filters
Organizations need a web security solution that applies network-based URL filtering or DNS filtering.
10. Email Security
Email security solutions should be implemented to use only supported email clients, block all unnecessary file types in the email gateway, and use DMARC. Make sure your email servers have an active anti-malware solution.
11. Microsegmentation
Organizations need a technical solution to micro-segment the network virtually or using VLANs.
12. Removable media
Organizations must implement a solution to control removable media, including enforcing encryption and limiting access to it.
13. Mobile device management
Organizations should implement a mobile device management solution that encrypts mobile devices, controls mobile connections, and supports automatic locking as well as remote lock and wipe.
14. Logging Solution
Organizations need a secure central logging solution that ingests and alerts on Windows event logs, application event logs, network logs, data access logs, and user activity uniquely tracked to each user. Logs should be reviewed regularly.
15. Patch Management
Organizations need a patch management solution that scans their environment for missing patches, provides reports and can apply them.
16. Penetration testing
Organizations must participate in penetration testing. Testing should be conducted internally and on all externally facing services. Any vulnerabilities found should be fixed.
17. Threat intelligence sharing
Organizations should participate in a threat intelligence sharing community where they exchange threat and vulnerability information so they can proactively mitigate threats and vulnerabilities.
18. Data protection
Organizations must implement measures to protect data. Granular permissions should be applied to the data. Only users who require access to specific data to perform job duties should be able to access that data.
19. Secure data deletion
Organizations need a system to securely delete data before equipment is reused or removed.
20. Encryption of sensitive data
Organizations should ensure that sensitive data is encrypted at rest (encrypted hard drives) and in transit (TLS or HTTPS) using a strong encryption algorithm.
21. Backup systems
Organizations must implement a backup system where backups are performed regularly, duplicated with copies stored both on- and off-site, and tested regularly to ensure the organization always has a working backup to assist with disaster recovery efforts.
22. Physical security controls
Organizations should have adequate physical security controls in place to protect against unwanted access, such as locks, cameras and fences. Employees and visitors must be monitored and recorded. Assets should be inventoried, discovered and tracked and any unauthorized assets should be addressed.
23. Security awareness training
Organizations should implement a role-based security awareness training solution, either produced in-house or purchased from a third-party vendor.
24. Written policies
Organizations must have written policies that employees read and sign to enforce each of the technical controls above.
Mapping requirements into compliance frameworks
While compliance frameworks each have their own set of specific criteria, they share the common goal of helping organizations build robust cyber defense strategies to protect against cyber attacks and the resulting data loss. Protecting that data is essential, as attackers actively seek to exploit it.
Companies with a robust security posture, such as those using the ThreatLocker® Endpoint Protection platform, are already well on their way to achieving compliance with any framework. Add the ThreatLocker® Endpoint Protection platform to your security strategy to help build a successful compliance model and achieve world-class protection against cyber threats.
ThreatLocker has curated a downloadable guide, “The IT Professional’s Blueprint for Compliance,” which maps the parallel requirements of numerous compliance frameworks, including:
- NIST SP 800-171
- NIST Cybersecurity Framework (CSF)
- The Center for Internet Security (CIS) Critical Security Controls (CSC)
- The Essential Eight Maturity Model
- Cyber Essentials
- Health Insurance Portability and Accountability Act (HIPAA)
The eBook features a table that maps each of the 24 compliance best practices above into the six compliance frameworks listed above.
The tables in the chapters of this resource are designed to provide detailed examples of what you can implement in your environment to satisfy the parallel requirements of each framework, from controls, to policies, to cybersecurity awareness training.
Download your free copy today