Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Incorrect CIS Control Mapping and Title in IM-7 Section of Microsoft Cloud Security Benchmark #122878

Open
espanet opened this issue May 29, 2024 · 1 comment
Open

Incorrect CIS Control Mapping and Title in IM-7 Section of Microsoft Cloud Security Benchmark #122878

espanet opened this issue May 29, 2024 · 1 comment
Assignees
@msmbaldwin
Labels
assigned-to-author doc-bug Pri2 security/svc triaged

Comments

@espanet
Copy link

espanet commented May 29, 2024

There is an error in the CIS Controls v8 ID mapping for the IM-7 section of the Microsoft Cloud Security Benchmark documentation under "Restrict resource access based on conditions."

The document currently maps the IM-7 section to CIS Controls v8 ID 6.4, which is "Require MFA for Remote Network Access." However, in the Excel spreadsheet CIS Control 6.4 is incorrectly titled as 6.5: "6.4 - Require MFA for Administrative Access."

image

In my opinion the two CIS Control 6.5 and 6.4 can be mapped to this "Restrict resource access based on conditions" CSB Control, and the Excel file should be corrected.

Document Details

Do not edit this section. It is required for learn.microsoft.com ➟ GitHub issue linking.
@PesalaPavan
Copy link
Contributor

@espanet
Thanks for your feedback! I've assigned this issue to the author who will investigate and update as appropriate.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@msmbaldwin msmbaldwin

Labels
assigned-to-author doc-bug Pri2 security/svc triaged
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@msmbaldwin @espanet @PesalaPavan