4.6: Securely Manage Enterprise Assets and Software

Group:

Info icon.

Control is new to this version of the control set.

Control Statement

Securely manage enterprise assets and software. Example implementations include managing configuration through version-controlled-infrastructure-as-code and accessing administrative interfaces over secure network protocols, such as Secure Shell (SSH) and Hypertext Transfer Protocol Secure (HTTPS). Do not use insecure management protocols, such as Telnet (Teletype Network) and HTTP, unless operationally essential.

[csf.tools Note: For more information on the Critical Security Controls, visit the Center for Internet Security.]