Current Key Controls

10 Total
Scoping Question 1

Will the entity’s personnel require specialized clearances or certifications?
Determines if staff need background checks, professional licenses, or industry certifications before starting work.
Delays onboarding if certifications lapse; compliance risk if unauthorised staff perform regulated tasks.
Credential-verification process; expiration-tracking of certifications; backup resource plan for lapsed clearances.

2 Controls
CIS 5.1 Found
Establish and Maintain an Inventory of Accounts

Establish and maintain an inventory of all accounts managed in the enterprise. The inventory must at a minimum include user, administrator accounts, and service accounts. The inventory, at a minimum, ...

Auto-Generated Generated during job processing
Control 5.1 is relevant to the scoping question because maintaining an inventory of accounts—including personnel names, roles, and start/stop dates—enables the organization to track which staff require specialized clearances or certifications. This c...
CIS 2.2 Found
Ensure Authorized Software is Currently Supported

Ensure that only currently supported software is designated as authorized in the software inventory for enterprise assets. If software is unsupported, yet necessary for the fulfillment of the enterpri...

Auto-Generated Generated during job processing
Control 2.2 is relevant to the scoping question because personnel requiring specialized clearances or certifications often depend on authorized, supported software to perform regulated tasks securely and compliantly. Ensuring only supported software ...
Scoping Question 2

Will the entity have physical access to the entity’s managed devices (e.g., laptops, smartphones, tablets)?
Determines if the entity’s personnel will handle or use corporate-owned endpoints, which may store sensitive data.
Direct device access can lead to data leakage, malware introduction, or unauthorised configuration changes.
Device inventory and tracking; endpoint security policies (e.g., MDM enforcement); access logging and tamper-evident seals.

4 Controls
CIS 4.11 Found
Enforce Remote Wipe Capability on Portable End-User Devices

Remotely wipe enterprise data from enterprise-owned portable end-user devices when deemed appropriate such as lost or stolen devices, or when an individual no longer supports the enterprise.

Auto-Generated Generated during job processing
Control 4.11 is directly relevant to the scoping question because it ensures that enterprise data on managed devices can be securely erased if those devices are lost, stolen, or no longer in use by authorized personnel. This control is important for ...
CIS 3.14 Found
Log Sensitive Data Access

Log sensitive data access, including modification and disposal.

Auto-Generated Generated during job processing
Control 3.14, "Log Sensitive Data Access," is directly relevant to the scoping question because it ensures that all access, modification, or disposal of sensitive data on managed devices is recorded. This control is important for compliance as it pro...
CIS 1.1 Found
Establish and Maintain Detailed Enterprise Asset Inventory

Establish and maintain an accurate, detailed, and up-to-date inventory of all enterprise assets with the potential to store or process data, to include: end-user devices (including portable and mobile...

Auto-Generated Generated during job processing
Control 1.1 is directly relevant to the scoping question because it ensures that all managed devices with potential physical access by personnel are accurately inventoried and tracked. This control is important for compliance as it enables the organi...
CIS 4.1 Found
Establish and Maintain a Secure Configuration Process

Establish and maintain a documented secure configuration process for enterprise assets (end-user devices, including portable and mobile, non-computing/IoT devices, and servers) and software (operating...

Auto-Generated Generated during job processing
Control 4.1 is directly relevant to the scoping question because it ensures that all managed devices with physical access by personnel are configured securely, reducing risks of data leakage, malware introduction, or unauthorized changes. This contro...
Scoping Question 3

Does the entity use proprietary or third-party technology that must be licensed separately?
Flags dependencies on paid tools, platforms, or IP that add cost or complicate your management landscape.
Creates unexpected cost, version-mismatch risk, and additional vendor-management overhead.
License-management tracking and renewal reminders; proof-of-license audits; evaluation of alternative open-source options.

2 Controls
CIS 2.1 Found
Establish and Maintain a Software Inventory

Establish and maintain a detailed inventory of all licensed software installed on enterprise assets. The software inventory must document the title, publisher, initial install/use date, and business p...

Auto-Generated Generated during job processing
Control 2.1 is directly relevant to the scoping question because maintaining a detailed software inventory enables the entity to identify all proprietary and third-party technologies in use, including those requiring separate licenses. This control i...
CIS 2.2 Found
Ensure Authorized Software is Currently Supported

Ensure that only currently supported software is designated as authorized in the software inventory for enterprise assets. If software is unsupported, yet necessary for the fulfillment of the enterpri...

Auto-Generated Generated during job processing
Control 2.2 is directly relevant to the scoping question because it requires organizations to track and authorize only currently supported software, including proprietary and third-party technologies that may require separate licensing. This control ...
Scoping Question 4

Will the entity host entity, partner, or customer data in their own network environment?
Determines if your data will reside on the provider’s infrastructure rather than your controlled systems.
Loss of direct control over data storage, potential co-tenant risks, and challenges in meeting data-sovereignty or compliance requirements.
Contractual data-hosting SLA and security requirements; data-segregation (logical/physical) and encryption at rest; periodic network and configuration audits; defined backup, retention, and e-discovery procedures.

2 Controls
CIS 3.1 Found
Establish and Maintain a Data Management Process

Establish and maintain a documented data management process. In the process, address data sensitivity, data owner, handling of data, data retention limits, and disposal requirements, based on sensitiv...

Auto-Generated Generated during job processing
Control 3.1 is directly relevant to the scoping question because it ensures that the entity has a formal process for managing data, including identifying where data is stored, its sensitivity, ownership, and retention requirements. This control is im...
CIS 3.5 Found
Securely Dispose of Data

Securely dispose of data as outlined in the enterprise’s documented data management process. Ensure the disposal process and method are commensurate with the data sensitivity.

Auto-Generated Generated during job processing
Control 3.5, "Securely Dispose of Data," is relevant to the scoping question because when data is hosted on a provider’s infrastructure, the entity must ensure that sensitive information is properly destroyed at the end of its lifecycle, even when no...
Scoping Question 5

Does the service require handling or custody of the entity’s physical assets (e.g., hardware, inventory)?
Flags responsibility for equipment, shipments, or on-site physical items under the entity’s care.
Asset damage, loss, or theft can disrupt operations and lead to replacement costs or insurance claims.
Asset-tagging and inventory management system; insurance and liability clauses; chain-of-custody documentation for transfers.

1 Control
CIS 1.1 Found
Establish and Maintain Detailed Enterprise Asset Inventory

Establish and maintain an accurate, detailed, and up-to-date inventory of all enterprise assets with the potential to store or process data, to include: end-user devices (including portable and mobile...

Auto-Generated Generated during job processing
Control 1.1 is directly relevant to the scoping question because it requires the organization to maintain a comprehensive and up-to-date inventory of all physical assets, including hardware and devices, under its custody. This control is important fo...
Scoping Question 6

Will the service integrate directly with core business processes or systems?
Identifies if the entity’s outputs plug into mission-critical workflows (order processing, billing, manufacturing, etc.).
A faulty integration can cascade failures into critical operations, causing downtime, data corruption, or billing errors.
Formal change-management process; pre-/post-integration validation testing; role-based access controls on integrated interfaces.

1 Control
CIS 3.8
Document Data Flows

Document data flows. Data flow documentation includes service provider data flows and should be based on the enterprise’s data management process. Review and update documentation annually, or when sig...

Auto-Generated Generated during job processing
Control 3.8, Document Data Flows, directly addresses the scoping question by ensuring that all integrations with core business processes are clearly mapped and understood. This control is important for compliance because it enables the organization t...