• xImplementation Group: IG3
IDNameImplementation GroupsThreats
1.1Utilize an Active Discovery Tool STRIDE-LM
1.2Use a Passive Asset Discovery Tool  STRIDE-LM
1.3Use DHCP Logging to Update Asset Inventory STRIDE-LM
1.4Maintain Detailed Asset InventorySTRIDE-LM
1.5Maintain Asset Inventory Information STRIDE-LM
1.6Address Unauthorized AssetsSTRIDE-LM
1.7Deploy Port Level Access Control STRIDE-LM
1.8Utilize Client Certificates to Authenticate Hardware Assets  STRIDE-LM
2.1Maintain Inventory of Authorized SoftwareSTRIDE-LM
2.2Ensure Software is Supported by VendorSTRIDE-LM
2.3Utilize Software Inventory Tools STRIDE-LM
2.4Track Software Inventory Information STRIDE-LM
2.5Integrate Software and Hardware Asset Inventories  STRIDE-LM
2.6Address unapproved softwareSTRIDE-LM
2.7Utilize Application Whitelisting  STRIDE-LM
2.8Implement Application Whitelisting of Libraries  STRIDE-LM
2.9Implement Application Whitelisting of Scripts  STRIDE-LM
2.10Physically or Logically Segregate High Risk Applications  STRIDE-LM
3.1Run Automated Vulnerability Scanning Tools STRIDE-LM
3.2Perform Authenticated Vulnerability Scanning STRIDE-LM
3.3Protect Dedicated Assessment Accounts STRIDE-LM
3.4Deploy Automated Operating System Patch Management ToolsSTRIDE-LM
3.5Deploy Automated Software Patch Management ToolsSTRIDE-LM
3.6Compare Back-to-Back Vulnerability Scans STRIDE-LM
3.7Utilize a Risk-Rating Process STRIDE-LM
4.1Maintain Inventory of Administrative Accounts STRIDE-LM
4.2Change Default PasswordsSTRIDE-LM
4.3Ensure the Use of Dedicated Administrative AccountsSTRIDE-LM
4.4Use Unique Passwords STRIDE-LM
4.5Use Multi-Factor Authentication for All Administrative Access STRIDE-LM
4.6Use Dedicated Workstations For All Administrative Tasks  STRIDE-LM
4.7Limit Access to Script Tools STRIDE-LM
4.8Log and Alert on Changes to Administrative Group Membership STRIDE-LM
4.9Log and Alert on Unsuccessful Administrative Account Login STRIDE-LM
5.1Establish Secure ConfigurationsSTRIDE-LM
5.2Maintain Secure Images STRIDE-LM
5.3Securely Store Master Images STRIDE-LM
5.4Deploy System Configuration Management Tools STRIDE-LM
5.5Implement Automated Configuration Monitoring Systems STRIDE-LM
6.1Utilize Three Synchronized Time Sources STRIDE-LM
6.2Activate Audit LoggingSTRIDE-LM
6.3Enable Detailed Logging STRIDE-LM
6.4Ensure Adequate Storage for Logs STRIDE-LM
6.5Central Log Management STRIDE-LM
6.6Deploy SIEM or Log Analytic Tools STRIDE-LM
6.7Regularly Review Logs STRIDE-LM
6.8Regularly Tune SIEM  STRIDE-LM
7.1Ensure Use of Only Fully Supported Browsers and Email ClientsSTRIDE-LM
7.2Disable Unnecessary or Unauthorized Browser or Email Client Plugins STRIDE-LM
7.3Limit Use of Scripting Languages in Web Browsers and Email Clients STRIDE-LM