Interview with technical staff about CIS Controls to measure the implementation status of control substances, including current controls, processes, and other requirements.
The CIS Controls are a comprehensive set of cybersecurity best practices developed by IT experts that address the most common threats and vulnerabilities that may affect your services offered on Azure Platforms.
How Do We Perform We interview with technical staff and ask detailed questions about CIS Controls in order to be able to measure the implementation status of control substances, including current controls, processes, and other requirements while performing the assessment. It is an Q&A study performed with the technical staff. The following steps are applied to perform the assessment: • Relevant documents are collected and reviewed; list of controls, policies, plans, standards, procedural guidelines, drawings, etc.). • Interviews are conducted to determine conformance with the standards. Each control is measured against defined measurement criterias. • The report with the results of the assessment is prepared.
The Outputs • Executive summary is prepared including an overall evaluation of the assessment. • Suggestions are presented with evaluation results. • Compliance charts provided to make a visual appearance in line with the evaluations. • Each control item is included in the report as finding and suggestions are provided on how the finding should be treated.