Cybersecurity Control Review: Address Unauthorized Assets, CIS 1.2
This safeguard, part of CIS Control 01: Inventory and Control of Enterprise Assets, covers addressing unauthorized assets that are detected on the company network or connecting to company resources. Ensure that a process exists to address unauthorized assets on a weekly basis. The organization may choose to remove the asset from the network, deny the asset from connecting remotely to the network, or quarantine the asset.
There are many ways to detect unauthorized assets, but the important first step is ensuring there is a formal process for handling unauthorized devices when they are found. The company asset inventory should be used as a reference for this.
For example, if all computers are joined to the company's Active Directory domain and a computer is found that is not joined to the domain, it may be a company device that was accidentally removed or missed, or it could be a personal device that shouldn't have access to the network.
Document a simple process or procedure that covers the key things to look for, the steps to verify that the device in fact should not have access, and the steps to take to remove, deny or quarantine the device. Make sure that these steps are documented in the company knowledge base for the IT and Security department. Also make sure that every device detected, and every action taken, is recorded in a ticketing system of some kind.
There are many software solutions and tools available that can assist with this or automate the process. More sophisticated solutions, such as zero-trust access solutions, can also help prevent unauthorized devices from connecting altogether. We will discuss some of those in upcoming controls.
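The weekly check described above can be sketched as a reconciliation of observed devices against the asset inventory. This is an added example, not part of the original guide; the CSV layouts, field names, sample devices and the `rejoin_domain` option are assumptions made for illustration.

```python
import csv
import io

# Constructed sample data: an asset inventory export and devices observed on
# the network (for instance from DHCP leases). All values are made up.
INVENTORY_CSV = """asset_tag,hostname,mac
A-1001,FIN-LT-01,00:1A:2B:3C:4D:5E
A-1002,HR-DT-07,00-1a-2b-3c-4d-5f
"""
OBSERVED_CSV = """mac,ip,hostname,domain_joined
001a.2b3c.4d5e,10.0.0.21,FIN-LT-01,yes
00:1A:2B:3C:4D:5F,10.0.0.22,HR-DT-07,no
AA:BB:CC:DD:EE:01,10.0.0.99,android-7f3,no
"""

def norm_mac(mac):
    """Reduce any common MAC notation to 12 lowercase hex digits."""
    digits = "".join(c for c in mac.lower() if c in "0123456789abcdef")
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return digits

def load(text):
    return list(csv.DictReader(io.StringIO(text)))

def reconcile(inventory_rows, observed_rows):
    """Return one ticket-ready finding per device that needs follow-up."""
    known = {norm_mac(r["mac"]): r for r in inventory_rows}
    findings = []
    for dev in observed_rows:
        asset = known.get(norm_mac(dev["mac"]))
        if asset is None:
            # Not in the inventory: candidate unauthorized asset (CIS 1.2 options).
            reason, options = "not_in_inventory", ["remove", "deny", "quarantine"]
        elif dev["domain_joined"] != "yes":
            # Known asset off the domain: likely removed or missed (assumed option name).
            reason, options = "inventory_asset_not_domain_joined", ["rejoin_domain"]
        else:
            continue
        findings.append({
            "mac": dev["mac"], "ip": dev["ip"], "hostname": dev["hostname"],
            "asset_tag": asset["asset_tag"] if asset else None,
            "reason": reason, "status": "needs_verification", "options": options,
        })
    return findings

if __name__ == "__main__":
    for f in reconcile(load(INVENTORY_CSV), load(OBSERVED_CSV)):
        print(f)
```

MAC addresses can be changed on the device, so an inventory match is a lead for the verification step rather than proof that the device is authorized. Each finding is shaped so it can be copied into a ticket once the device has been verified and an action chosen.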
See the references below for more information.
CIS Controls https://www.cisecurity.org/controls