Frequently Asked Questions

CIS Control 4: Secure Configuration of Enterprise Assets and Software

What is CIS Control 4 and why is it important?

CIS Control 4 focuses on the secure configuration of enterprise assets and software. It requires organizations to establish a continuous process to manage and ensure that all assets—including endpoints, mobile devices, servers, cloud resources, and software—are configured securely. This is crucial because default configurations often contain vulnerabilities such as default passwords, weak access controls, and unnecessary debugging interfaces. Secure configuration helps prevent unauthorized modifications and reduces exposure to potential attacks.

What are the Implementation Groups (IGs) in CIS Control 4?

Implementation Groups (IGs) are self-assessed categories that prioritize safeguards based on an organization's cybersecurity attributes. IG1 is the most basic level, followed by IG2 and IG3, which represent increasing security requirements. Any safeguard required for IG1 must also be implemented in IG2 and IG3. This tiered approach helps organizations apply controls appropriate to their risk profile.

What are the twelve safeguards of CIS Control 4?

CIS Control 4 includes twelve safeguards, each mapped to a NIST CSF function and a starting Implementation Group. These safeguards cover secure configuration processes, session locking, firewall management, asset management, default account management, disabling unnecessary services, configuring trusted DNS servers, device lockout, remote wipe capability, and workspace separation. For a detailed list and descriptions, visit CIS Control 4 Explained.

Where can I find more information about CIS Control 4?

You can find a comprehensive explanation of CIS Control 4, including its safeguards and implementation guidance, at this page.

IONIX Features & Capabilities

What cybersecurity solutions does IONIX offer?

IONIX specializes in cybersecurity solutions focused on attack surface risk management. Its platform provides Attack Surface Discovery, Risk Assessment, Risk Prioritization, and Risk Remediation. Key features include discovering all relevant assets, monitoring changes in your attack surface, and reducing noise for more efficient security operations.

What are the key capabilities and benefits of IONIX?

IONIX offers complete external web footprint identification, proactive security management, real attack surface visibility, and continuous discovery and inventory of internet-facing assets. These capabilities help organizations improve risk management, reduce mean time to resolution (MTTR), and optimize security operations. For more details, visit Why Ionix.

What integrations does IONIX support?

IONIX integrates with tools such as Jira, ServiceNow, Slack, Splunk, Microsoft Sentinel, Palo Alto Cortex/Demisto, and AWS services including AWS Control Tower, AWS PrivateLink, and pre-trained Amazon SageMaker Models. For a full list, visit IONIX Integrations.

Does IONIX offer an API for integrations?

Yes, IONIX provides an API that supports integrations with major platforms like Jira, ServiceNow, Splunk, Cortex XSOAR, and more. For details, visit IONIX Integrations.

Use Cases & Customer Success

Who can benefit from using IONIX?

IONIX is designed for Information Security and Cybersecurity VPs, C-level executives, IT managers, and security managers across industries, including Fortune 500 companies. Its solutions are tailored for organizations in insurance, financial services, energy, critical infrastructure, IT, technology, and healthcare.

What are some real-world case studies of IONIX customers?

IONIX has helped organizations like E.ON continuously discover and inventory internet-facing assets, Warner Music Group boost operational efficiency, and Grand Canyon Education proactively remediate vulnerabilities. Read these case studies: E.ON, Warner Music Group, Grand Canyon Education.

What business impact can customers expect from using IONIX?

Customers can expect improved risk management, operational efficiency, cost savings, and enhanced security posture. IONIX enables visualization and prioritization of attack surface threats, actionable insights, and streamlined workflows to reduce mean time to resolution (MTTR).

Security, Compliance & Performance

What security and compliance certifications does IONIX have?

IONIX is SOC2 compliant and supports companies with NIS-2 and DORA compliance, ensuring robust security measures and regulatory alignment.

How is IONIX rated for product performance and innovation?

IONIX earned top ratings for product innovation, security, functionality, and usability. It was named a leader in the Innovation and Product categories of the ASM Leadership Compass for completeness of product vision and a customer-oriented, cutting-edge approach to ASM.

Support & Implementation

How long does it take to implement IONIX and how easy is it to start?

Getting started with IONIX is simple and efficient. Initial deployment takes about a week and requires only one person to implement and scan the entire network. Customers have access to onboarding resources like guides, tutorials, webinars, and a dedicated Technical Support Team.

What support and maintenance services does IONIX provide?

IONIX offers technical support and maintenance services during the subscription term, including troubleshooting, upgrades, and maintenance. Customers are assigned a dedicated account manager and benefit from regular review meetings.

What training and onboarding resources are available for IONIX customers?

IONIX provides guides, tutorials, webinars, and a dedicated Technical Support Team to assist customers during implementation and adoption.

Guides & Resources

Where can I find guides and resources created by IONIX?

IONIX offers comprehensive guides on cybersecurity topics, including the 18 CIS Controls, exposure management, vulnerability assessments, and more. Visit the IONIX Guides page for detailed articles and actionable advice.

What is the purpose of the IONIX Guides section?

The IONIX Guides section provides resources and insights into cybersecurity topics, tools, and frameworks. These guides help organizations enhance their security posture, understand key concepts, and implement best practices. Topics include Automated Security Control Assessment (ASCA), web application security, exposure management, vulnerability assessments, the OWASP Top 10, CIS Controls, and attack surface management.

Where can I find more information about the 18 CIS Controls?

Learn more about the 18 CIS Controls and their significance for cybersecurity by visiting this page.

What is CIS Control 4 about?

CIS Control 4 involves the secure configuration of enterprise assets and software. It establishes a continuous process to manage and ensure that all enterprise assets—including endpoints, mobile devices, servers, cloud resources, and software—are configured securely.

CIS Control 4 Explained: Secure Configuration of Enterprise Assets and Software

CIS Control 4 involves the secure configuration of enterprise assets and software. This means establishing a continuous process to manage and ensure that all enterprise assets, including endpoints, mobile devices, servers, cloud resources, and software, are configured securely.

The Importance of Control 4

Not all software and hardware assets are secure in their default configurations. Common issues include default passwords, weak access control policies, and unnecessary debugging interfaces, which can create vulnerabilities across various products. Additionally, enterprises often have unique business requirements that necessitate configuration changes, such as enabling legacy protocols or using weak cryptography, which further increase their exposure to potential attacks.

Effectively managing security configurations is crucial. Organizations should apply secure default settings for all assets and ensure that any configuration changes or updates go through a formal review and approval process. This helps prevent unauthorized modifications that could compromise security.

Implementation Groups (IGs)

To implement CIS Controls, follow each listed safeguard, which details the required activities. Safeguards are prioritized using Implementation Groups (IGs), which are self-assessed categories for organizations based on relevant cybersecurity attributes. You can think of them as levels of increasing security requirements, from IG1 (the most basic) to IG3 (the most advanced). Each higher group includes the safeguards of the groups below it.

For example, any IG1 safeguard must also be implemented at the IG2 and IG3 levels.

The Safeguards of Control 4

There are twelve safeguards in CIS Control 4. They are listed below, along with the associated NIST CSF function and the Implementation Group at which each one begins.

| Safeguard Number | Safeguard Title | NIST Security Function | Starting Implementation Group |
|---|---|---|---|
| Safeguard 4.1 | Establish and Maintain a Secure Configuration Process | Govern | IG1 |
| Safeguard 4.2 | Establish and Maintain a Secure Configuration Process for Network Infrastructure | Govern | IG1 |
| Safeguard 4.3 | Configure Automatic Session Locking on Enterprise Assets | Protect | IG1 |
| Safeguard 4.4 | Implement and Manage a Firewall on Servers | Protect | IG1 |
| Safeguard 4.5 | Implement and Manage a Firewall on End-User Devices | Protect | IG1 |
| Safeguard 4.6 | Securely Manage Enterprise Assets and Software | Protect | IG1 |
| Safeguard 4.7 | Manage Default Accounts on Enterprise Assets and Software | Protect | IG1 |
| Safeguard 4.8 | Uninstall or Disable Unnecessary Services on Enterprise Assets and Software | Protect | IG2 |
| Safeguard 4.9 | Configure Trusted DNS Servers on Enterprise Assets | Protect | IG2 |
| Safeguard 4.10 | Enforce Automatic Device Lockout on Portable End-User Devices | Protect | IG2 |
| Safeguard 4.11 | Enforce Remote Wipe Capability on Portable End-User Devices | Protect | IG2 |
| Safeguard 4.12 | Separate Enterprise Workspaces on Mobile End-User Devices | Protect | IG3 |