framework-mcp
Version:
Pure Data Provider architecture serving authentic CIS Controls Framework data via MCP and HTTP API. Empowers LLMs with authoritative safeguards data for analysis. Supports Microsoft Copilot custom connectors and DigitalOcean App Services deployment.
855 lines • 479 kB
JavaScript
export class SafeguardManager {
constructor() {
this.safeguards = {};
this.safeguardKeysCache = null; // Pre-computed sorted keys
this.lastCleanup = 0;
this.cache = new Map();
this.initializeSafeguards();
this.precomputeSafeguardKeys();
}
getSafeguardDetails(safeguardId, includeExamples = false) {
// Check cache first
const cacheKey = `${safeguardId}_${includeExamples}`;
const cached = this.getCachedSafeguardDetails(cacheKey);
if (cached) {
return cached;
}
const safeguard = this.safeguards[safeguardId];
if (!safeguard) {
return null;
}
// Add examples if requested
let result = { ...safeguard };
if (includeExamples) {
result = this.addImplementationExamples(result);
}
// Cache the result
this.cache.set(cacheKey, {
data: result,
timestamp: Date.now()
});
return result;
}
listAvailableSafeguards() {
// Use pre-computed sorted keys for optimal performance
if (this.safeguardKeysCache) {
return [...this.safeguardKeysCache]; // Return copy to prevent external modification
}
// Fallback to original method if pre-computed cache not available
const safeguardList = Object.keys(this.safeguards).sort((a, b) => {
const [aMajor, aMinor] = a.split('.').map(Number);
const [bMajor, bMinor] = b.split('.').map(Number);
return aMajor - bMajor || aMinor - bMinor;
});
return safeguardList;
}
getAllSafeguards() {
return { ...this.safeguards };
}
validateSafeguardId(safeguardId) {
if (!safeguardId || typeof safeguardId !== 'string') {
throw new Error('Safeguard ID is required and must be a string');
}
if (!/^[0-9]+\.[0-9]+$/.test(safeguardId)) {
throw new Error('Safeguard ID must be in format "X.Y" (e.g., "1.1", "5.1")');
}
if (!this.safeguards[safeguardId]) {
const availableSafeguards = this.listAvailableSafeguards();
throw new Error(`Safeguard ${safeguardId} not found. Available safeguards: ${availableSafeguards.join(', ')}`);
}
}
getCachedSafeguardDetails(cacheKey) {
// Clean up old cache entries periodically
this.performCacheCleanupIfNeeded();
const cached = this.cache.get(cacheKey);
if (cached && (Date.now() - cached.timestamp < 5 * 60 * 1000)) { // 5 minute cache
return cached.data;
}
return null;
}
precomputeSafeguardKeys() {
// Pre-compute and cache the sorted safeguard keys for optimal listAvailableSafeguards() performance
this.safeguardKeysCache = Object.keys(this.safeguards).sort((a, b) => {
const [aMajor, aMinor] = a.split('.').map(Number);
const [bMajor, bMinor] = b.split('.').map(Number);
return aMajor - bMajor || aMinor - bMinor;
});
}
performCacheCleanupIfNeeded() {
const now = Date.now();
// Check if cleanup is needed
if (now - this.lastCleanup < SafeguardManager.CACHE_CLEANUP_INTERVAL &&
this.cache.size < SafeguardManager.MAX_CACHE_SIZE) {
return;
}
// Remove expired entries
const expiredKeys = [];
for (const [key, entry] of this.cache.entries()) {
if (now - entry.timestamp > 5 * 60 * 1000) { // 5 minute expiry
expiredKeys.push(key);
}
}
for (const key of expiredKeys) {
this.cache.delete(key);
}
// If still too many entries, remove oldest ones
if (this.cache.size > SafeguardManager.MAX_CACHE_SIZE) {
const sortedEntries = Array.from(this.cache.entries())
.sort((a, b) => a[1].timestamp - b[1].timestamp);
const entriesToRemove = sortedEntries.slice(0, this.cache.size - SafeguardManager.MAX_CACHE_SIZE);
for (const [key] of entriesToRemove) {
this.cache.delete(key);
}
}
this.lastCleanup = now;
}
/**
* Get cache statistics for monitoring and debugging
*/
getCacheStats() {
return {
size: this.cache.size,
lastCleanup: this.lastCleanup
};
}
/**
* Clear the cache manually if needed
*/
clearCache() {
this.cache.clear();
this.lastCleanup = Date.now();
}
addImplementationExamples(safeguard) {
// Add implementation examples based on safeguard type
const examples = this.getImplementationExamples(safeguard.id);
return {
...safeguard,
implementationSuggestions: [
...safeguard.implementationSuggestions,
...examples
]
};
}
getImplementationExamples(safeguardId) {
const exampleMap = {
"1.1": [
"Example: Use Lansweeper for automated asset discovery",
"Example: Implement ServiceNow CMDB for centralized tracking",
"Example: Deploy Microsoft SCCM for Windows asset management"
],
"5.1": [
"Example: Use Azure AD for centralized account management",
"Example: Implement Okta for identity lifecycle management",
"Example: Deploy JumpCloud for directory services"
],
"6.3": [
"Example: Enable Azure MFA for all external applications",
"Example: Implement Duo Security for multi-factor authentication",
"Example: Use Google Workspace SSO with MFA enforcement"
],
"7.1": [
"Example: Establish Nessus vulnerability scanning schedule",
"Example: Implement Qualys VMDR for continuous monitoring",
"Example: Use Rapid7 InsightVM for vulnerability management"
]
};
return exampleMap[safeguardId] || [];
}
initializeSafeguards() {
this.safeguards = {
"1.1": {
id: "1.1",
title: "Establish and Maintain a Detailed Enterprise Asset Inventory",
description: "Establish and maintain an accurate, detailed, and up-to-date inventory of all enterprise assets with the potential to store or process data",
implementationGroup: "IG1",
assetType: ["end-user devices", "network devices", "IoT devices", "servers"],
securityFunction: ["Identify"],
governanceElements: [
"Establish",
"Maintain",
"Enterprise Asset Management Policy / Process",
"Review and update the inventory of all enterprise assets bi-annually, or more frequently"
],
coreRequirements: [
"accurate, detailed, and up-to-date inventory of all enterprise assets with the potential to store or process data"
],
subTaxonomicalElements: [
"Network Address (IF STATIC)",
"Hardware Address",
"Machine Name",
"Enterprise asset owner",
"Department for each asset",
"Asset has been approved to connect to the network",
"End-User Devices",
"Mobile",
"Portable",
"Network Devices",
"IOT Devices",
"Servers",
"Connected to Infrastructure",
"Physically",
"Virtually",
"Remotely",
"Those within cloud environments",
"Regularly Connected Devices - NOT Under Control of Enterprise",
"Detailed",
"Accurate",
"Up-to-date",
"Potential to store or process data"
],
implementationSuggestions: [
"For mobile end-user devices, MDM type tools can support this process, where appropriate"
],
relatedSafeguards: ["1.2", "1.3", "1.4", "1.5", "2.1", "3.2", "4.1", "5.1"],
keywords: ["asset", "inventory", "device", "network", "mobile", "IoT", "server", "detailed", "accurate", "up-to-date"],
systemPrompt: {
role: "asset_inventory_expert",
context: "You are evaluating enterprise asset inventory solutions against CIS Control 1.1 requirements for comprehensive asset tracking.",
objective: "Determine if a vendor solution provides complete, accurate, and up-to-date enterprise asset inventory capabilities.",
guidelines: [
"Verify coverage of all asset types: end-user devices, network devices, IoT, servers",
"Confirm data collection includes: network/hardware addresses, machine names, ownership, department approval",
"Validate inventory accuracy and real-time updating capabilities",
"Assess policy/process management and bi-annual review compliance"
],
outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
}
},
"5.1": {
id: "5.1",
title: "Establish and Maintain an Inventory of Accounts",
description: "Establish and maintain an inventory of all accounts managed in the enterprise. The inventory must include both user and administrator accounts. The inventory, at a minimum, should contain the person's name, username, start/stop dates, and department. Validate that all active accounts are authorized, on a recurring schedule at a minimum quarterly, or more frequently.",
implementationGroup: "IG1",
assetType: ["users"],
securityFunction: ["Identify"],
governanceElements: [
"Establish and maintain an inventory of all accounts managed in the enterprise",
"The inventory must include both user and administrator accounts",
"At a minimum, should contain the person's name, username, start/stop dates, and department",
"Validate that all active accounts are authorized, on a recurring schedule at a minimum quarterly, or more frequently"
],
coreRequirements: [
"Inventory of Accounts"
],
subTaxonomicalElements: [
"Establish",
"Maintain",
"Validate that all active accounts are authorized",
"Recurring schedule",
"Must Include",
"At a minimum",
"Minimum Quarterly",
"More Frequently",
"User Accounts",
"Administrator Accounts",
"Name",
"Username",
"Start Stop Dates",
"Department"
],
implementationSuggestions: [
"Account and Access Control Management",
"Identity and Access Management Tool"
],
relatedSafeguards: ["1.1", "2.1", "5.2", "5.3", "5.4", "5.5", "5.6", "6.1", "6.2", "6.7", "12.8"],
keywords: ["establish", "maintain", "inventory", "accounts", "user", "administrator", "name", "username", "dates", "department", "quarterly", "validate", "authorized", "recurring"],
systemPrompt: {
role: "account_inventory_specialist",
context: "You are evaluating account management solutions against CIS Control 5.1 requirements for comprehensive account inventory and validation.",
objective: "Determine if a vendor solution provides complete account inventory management with quarterly validation processes.",
guidelines: [
"Verify comprehensive account inventory for all user and administrator accounts",
"Confirm tracking of required metadata (name, username, start/stop dates, department)",
"Validate quarterly account authorization review processes",
"Assess automated account discovery and lifecycle management",
"Review unauthorized account detection and remediation",
"Check compliance reporting and audit trail capabilities"
],
outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
}
},
"6.3": {
id: "6.3",
title: "Require MFA for Externally-Exposed Applications",
description: "Require all externally-exposed enterprise or third-party applications to enforce MFA, where supported. Enforcing MFA through a directory service or SSO provider is a satisfactory implementation of this Safeguard.",
implementationGroup: "IG1",
assetType: ["users"],
securityFunction: ["Protect"],
governanceElements: [
"Require",
"Account and Access Control Management",
"Multi-Factor Authentication Tool"
],
coreRequirements: [
"all externally-exposed enterprise or third-party applications to enforce MFA",
"where supported"
],
subTaxonomicalElements: [
"ALL Externally Exposed Applications",
"Enforce",
"Where supported"
],
implementationSuggestions: [
"Enforcing MFA through a directory service or SSO provider is a satisfactory implementation of this Safeguard",
"Directory service",
"SSO Provider",
"Account and Access Control Management",
"Multi-Factor Authentication Tool"
],
relatedSafeguards: ["2.1", "4.1"],
keywords: ["require", "externally-exposed", "enterprise", "third-party", "applications", "enforce", "MFA", "supported", "directory", "service", "SSO", "provider"],
systemPrompt: {
role: "multi_factor_authentication_expert",
context: "You are evaluating multi-factor authentication solutions against CIS Control 6.3 requirements for externally-exposed application protection.",
objective: "Determine if a vendor solution provides comprehensive MFA enforcement for externally-exposed enterprise and third-party applications.",
guidelines: [
"Verify MFA enforcement for all externally-exposed applications",
"Confirm support for enterprise and third-party application integration",
"Validate directory service and SSO provider MFA implementation",
"Assess MFA method variety and adaptive authentication",
"Review policy-based MFA enforcement and exception handling",
"Check compliance monitoring and MFA adoption reporting"
],
outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
}
},
"7.1": {
id: "7.1",
title: "Establish and Maintain a Vulnerability Management Process",
description: "Establish and maintain a documented vulnerability management process for enterprise assets",
implementationGroup: "IG1",
assetType: ["documentation"],
securityFunction: ["Govern"],
governanceElements: [
"establish documented process",
"maintain vulnerability management process",
"review and update documentation annually",
"update when significant enterprise changes occur",
"vulnerability management policy"
],
coreRequirements: [
"vulnerability management process",
"enterprise assets scope",
"documented procedures",
"vulnerability identification",
"vulnerability assessment"
],
subTaxonomicalElements: [
"vulnerability scanning procedures",
"risk assessment criteria",
"remediation prioritization",
"patch management integration",
"vulnerability tracking",
"reporting requirements",
"roles and responsibilities",
"escalation procedures"
],
implementationSuggestions: [
"vulnerability scanning tools",
"patch management systems",
"vulnerability databases",
"CVSS scoring",
"automated scanning",
"vulnerability management platforms"
],
relatedSafeguards: ["1.1", "2.1", "7.2", "7.3", "7.4", "7.5", "7.6", "7.7"],
keywords: ["vulnerability", "management", "process", "documented", "annual", "review", "enterprise", "assets"],
systemPrompt: {
role: "vulnerability_management_process_expert",
context: "You are evaluating vulnerability management solutions against CIS Control 7.1 requirements for establishing documented vulnerability management processes.",
objective: "Determine if a vendor solution provides comprehensive vulnerability management process establishment and maintenance capabilities.",
guidelines: [
"Verify documented vulnerability management process creation",
"Confirm process maintenance and annual review capabilities",
"Validate enterprise asset scope coverage and procedures",
"Assess vulnerability identification and assessment workflows",
"Review process update mechanisms for enterprise changes",
"Check policy integration and governance framework alignment"
],
outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
}
},
"1.2": {
id: "1.2",
title: "Address Unauthorized Assets",
description: "Ensure that a process exists to address unauthorized assets on a weekly basis",
implementationGroup: "IG1",
assetType: ["devices"],
securityFunction: ["Respond"],
governanceElements: [
"Ensure that a process exists to address unauthorized assets on a weekly basis"
],
coreRequirements: [
"Address Unauthorized Assets"
],
subTaxonomicalElements: [
"On a weekly basis",
"Ensure"
],
implementationSuggestions: [
"The enterprise may choose to remove the asset from the network, deny the asset from connecting remotely to the network, or quarantine the asset"
],
relatedSafeguards: ["1.1", "1.3"],
keywords: ["unauthorized", "assets", "weekly", "remove", "deny", "quarantine", "process"],
systemPrompt: {
role: "asset_inventory_expert",
context: "You are evaluating solutions for addressing unauthorized assets against CIS Control 1.2 requirements for weekly remediation processes.",
objective: "Determine if a vendor solution provides automated detection and remediation of unauthorized assets on the network.",
guidelines: [
"Verify automated detection of unauthorized assets connected to the network",
"Confirm weekly or more frequent remediation processes",
"Assess capabilities for asset removal, network denial, or quarantine actions",
"Validate integration with asset inventory systems for authorization checks"
],
outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
}
},
"1.3": {
id: "1.3",
title: "Utilize an Active Discovery Tool",
description: "Utilize an active discovery tool to identify assets connected to the enterprise's network. Configure the active discovery tool to execute daily, or more frequently.",
implementationGroup: "IG2",
assetType: ["network"],
securityFunction: ["Detect"],
governanceElements: [
"Utilize an active discovery tool to identify assets connected to the enterprise's network",
"Configure the active discovery tool to execute daily, or more frequently"
],
coreRequirements: [
"Active discovery tool"
],
subTaxonomicalElements: [
"Utilize",
"Configure",
"Execute daily",
"Execute daily, or more frequently"
],
implementationSuggestions: [ // Gray - Implementation suggestions
],
relatedSafeguards: ["1.1", "1.2", "1.4", "1.5"],
keywords: ["active", "discovery", "tool", "identify", "assets", "network", "scanning", "mapping"],
systemPrompt: {
role: "asset_inventory_expert",
context: "You are evaluating active discovery tools against CIS Control 1.3 requirements for daily network asset identification.",
objective: "Determine if a vendor solution provides active discovery capabilities to automatically identify network-connected assets.",
guidelines: [
"Verify active network scanning and asset discovery capabilities",
"Confirm daily or more frequent execution scheduling",
"Assess accuracy of asset identification across network segments",
"Validate integration with asset inventory systems for automatic updates"
],
outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
}
},
"1.4": {
id: "1.4",
title: "Use Dynamic Host Configuration Protocol (DHCP) Logging to Update Enterprise Asset Inventory",
description: "Use DHCP logging on all DHCP servers or Internet Protocol (IP) address management tools to update the enterprise's asset inventory. Review and use logs to update the enterprise's asset inventory weekly, or more frequently.",
implementationGroup: "IG2",
assetType: ["network"],
securityFunction: ["Identify"],
governanceElements: [
"Use DHCP logging on all DHCP servers or Internet Protocol (IP) address management tools to update the enterprise's asset inventory",
"Review and use logs to update the enterprise's asset inventory weekly, or more frequently"
],
coreRequirements: [
"DHCP Logging on all DHCP servers",
"IPAM"
],
subTaxonomicalElements: [
"Use",
"Review and Use Logs",
"Update asset inventory",
"Weekly",
"More Frequently"
],
implementationSuggestions: [ // Gray - Implementation suggestions
],
relatedSafeguards: ["1.1", "1.2", "1.3", "1.5"],
keywords: ["DHCP", "logging", "update", "asset", "inventory", "IP", "address", "network", "tracking"],
systemPrompt: {
role: "asset_inventory_expert",
context: "You are evaluating DHCP logging and IPAM solutions against CIS Control 1.4 requirements for network-based asset tracking.",
objective: "Determine if a vendor solution provides DHCP logging or IP address management capabilities to enhance asset inventory accuracy.",
guidelines: [
"Verify DHCP logging capabilities on all DHCP servers",
"Assess IP address management (IPAM) tool functionality",
"Confirm weekly or more frequent log review and asset inventory updates",
"Validate automatic correlation of IP assignments with asset records"
],
outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
}
},
"1.5": {
id: "1.5",
title: "Use a Passive Asset Discovery Tool",
description: "Use a passive discovery tool to identify assets connected to the enterprise's network. Review and use scans to update the enterprise's asset inventory at least weekly, or more frequently.",
implementationGroup: "IG3",
assetType: ["network"],
securityFunction: ["Detect"],
governanceElements: [
"Use a passive discovery tool to identify assets connected to the enterprise's network",
"Review and use scans to update the enterprise's asset inventory at least weekly, or more frequently"
],
coreRequirements: [
"Passive Discovery Tool"
],
subTaxonomicalElements: [
"Use",
"Review and Use scans",
"Update asset inventory",
"Weekly",
"More Frequently"
],
implementationSuggestions: [ // Gray - Implementation suggestions
],
relatedSafeguards: ["1.1", "1.2", "1.3", "1.4"],
keywords: ["passive", "discovery", "tool", "identify", "assets", "network", "traffic", "monitoring", "non-intrusive"],
systemPrompt: {
role: "asset_inventory_expert",
context: "You are evaluating passive discovery tools against CIS Control 1.5 requirements for non-intrusive network asset identification.",
objective: "Determine if a vendor solution provides passive discovery capabilities to identify network assets without active scanning.",
guidelines: [
"Verify passive network monitoring and asset discovery capabilities",
"Assess non-intrusive traffic analysis for asset identification",
"Confirm weekly or more frequent scan review and inventory updates",
"Validate integration with asset inventory systems for comprehensive coverage"
],
outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
}
},
"2.1": {
id: "2.1",
title: "Establish and Maintain a Software Inventory",
description: "Establish and maintain a detailed inventory of all licensed software installed on enterprise assets",
implementationGroup: "IG1",
assetType: ["applications"],
securityFunction: ["Identify"],
governanceElements: [
"Establish and maintain a detailed inventory of all licensed software installed on enterprise assets",
"The software inventory must document the title, publisher, initial install/use date, and business purpose for each entry; where appropriate, include the Uniform Resource Locator (URL), app store(s), version(s), deployment mechanism, and decommission date",
"Review and update the software inventory bi-annually, or more frequently"
],
coreRequirements: [
"Detailed inventory of all licensed software",
"Installed on enterprise Assets"
],
subTaxonomicalElements: [
"Establish",
"Maintain",
"Must Document",
"Title",
"Publisher",
"Initial Install / Use Date",
"Business Purpose",
"URL",
"App Store(s)",
"App Version(s)",
"Deployment mechanism",
"Decomm. Date",
"Where appropriate",
"bi-annually",
"More Frequently"
],
implementationSuggestions: [ // Gray - Implementation suggestions
],
relatedSafeguards: ["1.1", "2.2", "2.3", "2.4", "2.5", "2.6", "2.7"],
keywords: ["software", "inventory", "licensed", "detailed", "enterprise", "assets", "applications"],
systemPrompt: {
role: "asset_inventory_expert",
context: "You are evaluating software inventory solutions against CIS Control 2.1 requirements for comprehensive licensed software tracking.",
objective: "Determine if a vendor solution provides complete software inventory capabilities for all licensed applications on enterprise assets.",
guidelines: [
"Verify detailed tracking of all licensed software installations",
"Confirm documentation includes: title, publisher, install date, business purpose, URL, versions, deployment mechanism",
"Assess bi-annual or more frequent inventory review capabilities",
"Validate integration with asset management systems for comprehensive coverage"
],
outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
}
},
"2.2": {
id: "2.2",
title: "Ensure That Only Currently Supported Software Is Designated as Authorized",
description: "Ensure that only currently supported software is designated as authorized in the software inventory",
implementationGroup: "IG1",
assetType: ["applications"],
securityFunction: ["Identify"],
governanceElements: [
"Ensure that only currently supported software is designated as authorized in the software inventory for enterprise assets. If software is unsupported, yet necessary for the fulfillment of the enterprise's mission, document an exception detailing mitigating controls and residual risk acceptance. For any unsupported software without an exception documentation, designate as unauthorized. Review the software list to verify software support at least monthly, or more frequently."
],
coreRequirements: [
"Currently supported software",
"Authorized in the software inventory"
],
subTaxonomicalElements: [
"Ensure",
"Determine if Authorized Software Is Currently Supported",
"If Unsupported",
"Determine Necessity for Business",
"Document Exception detailing mitigating controls",
"Document Residual risk acceptance",
"Review the software list",
"Monthly",
"More frequently"
],
implementationSuggestions: [ // Gray - Implementation suggestions
],
relatedSafeguards: ["2.1", "2.3", "2.4", "2.5", "2.6", "2.7"],
keywords: ["supported", "software", "authorized", "designated", "inventory", "lifecycle", "end-of-life"],
systemPrompt: {
role: "asset_inventory_expert",
context: "You are evaluating software lifecycle management solutions against CIS Control 2.2 requirements for ensuring only supported software is authorized.",
objective: "Determine if a vendor solution provides capabilities to track software support status and manage authorization based on vendor support lifecycle.",
guidelines: [
"Verify tracking of software vendor support status and end-of-life dates",
"Assess automated designation of supported software as authorized",
"Confirm exception documentation capabilities for necessary unsupported software",
"Validate monthly or more frequent review processes for software support status"
],
outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
}
},
"2.3": {
id: "2.3",
title: "Address Unauthorized Software",
description: "Ensure that unauthorized software is either removed from use on enterprise assets or receives a documented exception. Review monthly, or more frequently.",
implementationGroup: "IG1",
assetType: ["applications"],
securityFunction: ["Respond"],
governanceElements: [
"Ensure",
"Review monthly, or more frequently"
],
coreRequirements: [
"unauthorized software is either removed from use on enterprise assets or receives a documented exception"
],
subTaxonomicalElements: [
"Address Unauthorized Software",
"Remove from use",
"Document Exception",
"Monthly",
"More Frequently"
],
implementationSuggestions: [ // Gray - Implementation suggestions
],
relatedSafeguards: ["2.1", "2.2", "2.4", "2.5", "2.6", "2.7"],
keywords: ["unauthorized", "software", "removed", "approved", "enterprise", "assets", "address"],
systemPrompt: {
role: "asset_inventory_expert",
context: "You are evaluating software remediation solutions against CIS Control 2.3 requirements for addressing unauthorized software on enterprise assets.",
objective: "Determine if a vendor solution provides capabilities to detect and remediate unauthorized software installations.",
guidelines: [
"Verify automated detection of unauthorized software on enterprise assets",
"Assess software removal and uninstallation capabilities",
"Confirm exception documentation and approval workflow features",
"Validate monthly or more frequent review and remediation processes"
],
outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
}
},
"2.4": {
id: "2.4",
title: "Utilize Automated Software Inventory Tools",
description: "Utilize software inventory tools, when possible, throughout the enterprise to automate the discovery and documentation of installed software.",
implementationGroup: "IG2",
assetType: ["applications"],
securityFunction: ["Detect"],
governanceElements: [
"Utilize",
"when possible"
],
coreRequirements: [
"software inventory tools",
"automate the discovery and documentation of installed software"
],
subTaxonomicalElements: [
"Automate Discovery",
"Automate Documentation",
"Installed Software",
"When possible"
],
implementationSuggestions: [ // Gray - Implementation suggestions
],
relatedSafeguards: ["2.1", "2.2", "2.3", "2.5", "2.6", "2.7"],
keywords: ["automated", "software", "inventory", "tools", "enterprise", "deployment", "discovery"],
systemPrompt: {
role: "asset_inventory_expert",
context: "You are evaluating automated software inventory tools against CIS Control 2.4 requirements for enterprise-wide software discovery and documentation.",
objective: "Determine if a vendor solution provides automated software discovery and inventory capabilities across the enterprise.",
guidelines: [
"Verify automated software discovery capabilities across all enterprise assets",
"Assess comprehensive documentation of installed software details",
"Confirm enterprise-wide deployment and coverage capabilities",
"Validate integration with centralized inventory management systems"
],
outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
}
},
"2.5": {
id: "2.5",
title: "Allowlist Authorized Software",
description: "Use technical controls, such as application allowlisting, to ensure that only authorized software can execute or be accessed. Reassess bi-annually, or more frequently.",
implementationGroup: "IG2",
assetType: ["applications"],
securityFunction: ["Protect"],
governanceElements: [
"Use",
"Ensure",
"Reassess bi-annually, or more frequently"
],
coreRequirements: [
"technical controls",
"only authorized software can execute or be accessed"
],
subTaxonomicalElements: [
"Allowlist Authorized Software",
"Technical Controls",
"Execute",
"Accessed",
"Reassess",
"Bi-Annually",
"More Frequently"
],
implementationSuggestions: [
"Application Allowlisting"
],
relatedSafeguards: ["2.1", "2.2", "2.3", "2.4", "2.6", "2.7"],
keywords: ["allowlist", "authorized", "software", "technical", "controls", "application", "execution"],
systemPrompt: {
role: "asset_inventory_expert",
context: "You are evaluating application allowlisting solutions against CIS Control 2.5 requirements for restricting software execution to authorized applications only.",
objective: "Determine if a vendor solution provides technical controls to allowlist authorized software and prevent unauthorized execution.",
guidelines: [
"Verify application allowlisting and execution control capabilities",
"Assess technical controls for software execution restriction",
"Confirm bi-annual or more frequent reassessment processes",
"Validate policy management and exception handling features"
],
outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
}
},
"2.6": {
id: "2.6",
title: "Allowlist Authorized Libraries",
description: "Use technical controls to ensure that only authorized software libraries, such as specific .dll, .ocx, .so. files are allowed to load into a system process. Block unauthorized libraries from loading into a system process. Reassess bi-annually, or more frequently.",
implementationGroup: "IG2",
assetType: ["applications"],
securityFunction: ["Protect"],
governanceElements: [
"Use",
"Ensure",
"Block unauthorized libraries from loading into a system process",
"Reassess bi-annually, or more frequently"
],
coreRequirements: [
"technical controls",
"only authorized software libraries",
"are allowed to load into a system process"
],
subTaxonomicalElements: [
"Only authorized software libraries",
"Are allowed to load into a system process",
"Technical Controls",
"Block unauthorized libraries from loading into a system process",
"Reassess",
"Bi-Annually",
"More Frequently"
],
implementationSuggestions: [
"Specific .dll files",
"Specific .ocx files",
"Specific .so files"
],
relatedSafeguards: ["2.1", "2.2", "2.3", "2.4", "2.5", "2.7"],
keywords: ["allowlist", "authorized", "libraries", "dll", "ocx", "so", "system", "process", "technical"],
systemPrompt: {
role: "asset_inventory_expert",
context: "You are evaluating library allowlisting solutions against CIS Control 2.6 requirements for restricting software library loading to authorized libraries only.",
objective: "Determine if a vendor solution provides technical controls to allowlist authorized software libraries and prevent unauthorized library loading.",
guidelines: [
"Verify software library allowlisting capabilities for .dll, .ocx, .so files",
"Assess technical controls for preventing unauthorized library loading",
"Confirm bi-annual or more frequent reassessment processes",
"Validate system process protection and library validation features"
],
outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
}
},
"2.7": {
id: "2.7",
title: "Allowlist Authorized Scripts",
description: "Use technical controls, such as digital signatures and version control, to ensure that only authorized scripts, such as specific .ps1, .py, files are allowed to execute. Block unauthorized scripts from executing. Reassess bi-annually, or more frequently.",
implementationGroup: "IG3",
assetType: ["applications"],
securityFunction: ["Protect"],
governanceElements: [
"Use",
"Ensure",
"Block unauthorized scripts from executing",
"Reassess bi-annually, or more frequently"
],
coreRequirements: [
"technical controls",
"only authorized files are allowed to execute"
],
subTaxonomicalElements: [
"Only authorized files are allowed to execute",
"Technical Controls",
"Block unauthorized scripts from executing",
"Reassess",
"Bi-Annually",
"More Frequently"
],
implementationSuggestions: [
"Digital signatures",
"Version control",
"Specific .ps1 files",
"Specific .py files"
],
relatedSafeguards: ["2.1", "2.2", "2.3", "2.4", "2.5", "2.6"],
keywords: ["allowlist", "authorized", "scripts", "digital", "signatures", "version", "control", "execution"],
systemPrompt: {
role: "asset_inventory_expert",
context: "You are evaluating script allowlisting solutions against CIS Control 2.7 requirements for restricting script execution to authorized scripts only.",
objective: "Determine if a vendor solution provides technical controls to allowlist authorized scripts and prevent unauthorized script execution.",
guidelines: [
"Verify script allowlisting capabilities for .ps1, .py, and other script files",
"Assess digital signature validation and version control integration",
"Confirm bi-annual or more frequent reassessment processes",
"Validate script blocking capabilities for unauthorized execution attempts"
],
outputFormat: "Provide structured assessment with capability level (FULL/PARTIAL/FACILITATES/GOVERNANCE/VALIDATES), confidence score, and evidence summary"
}
},
"3.1": {
id: "3.1",
title: "Establish and Maintain a Data Management Process",
description: "Establish and maintain a documented data management process. In the process, address data sensitivity, data owner, handling of data, data retention limits, and disposal requirements, based on sensitivity and retention standards for the enterprise. Review and update documentation annually, or when significant enterprise changes occur that could impact this Safeguard.",
implementationGroup: "IG1",
assetType: ["data"],
securityFunction: ["Govern"],
governanceElements: [
"Establish",
"Maintain",
"Review and update documentation annually, or when significant enterprise changes occur that could impact this Safeguard"
],
coreRequirements: [
"documented data management process",
"address data sensitivity, data owner, handling of data, data retention limits, and disposal requirements, based on sensitivity and retention standards for the enterprise"
],
subTaxonomicalElements: [
"Documented Data management process",
"Data Sensitivity",
"Data Owner",
"Data Handling",
"Data Retention Limits",
"Disposal Requirements",
"Retention Standards",
"Review and update documentation",
"Annually",
"When significant enterprise changes occur that could impact this Safeguard"
],
implementationSuggestions: [ // Gray - Implementation suggestions
],
relatedSafeguards: ["