Cybersecurity: Using Liongard To Support CIS Controls


As cybersecurity remains a core concern for MSPs, it can be daunting to stay on top of the many issues and best practices out there. Fortunately, organizations like the Center for Internet Security (CIS) have put together simplified guidelines to help you protect your business and clients against cyber threats. The CIS team of global experts developed 18 Critical Security Controls with prescriptive actions you can take to mitigate risk. Let’s dive in to see how Liongard can help your team support these CIS Controls.

 The Connection between Liongard and CIS Controls

Liongard provides MSPs with fresh, automated system data, which allows you to monitor customer environments for critical changes and receive alerts when something needs your attention. Liongard’s alerts span critical systems like Office 365, Active Directory, SQL Servers, firewalls, endpoints, and more—and they help support specific CIS Controls.

We’ve gone through our library of alert rules and matched each one to the corresponding CIS Control it supports. In some cases, our alerts overlap to support more than one CIS Control, so we’ve mapped them to the most relevant control in each case.

How to Use Liongard to Implement CIS Controls

Access and download the list of Liongard Actionable Alerts and the CIS Controls they support here.

For your convenience, the information can be sorted by System Inspector, general purpose, or the CIS Control number. The second sheet also includes all of the CIS Controls and reference material. 

From there, it’s easy to set up alerts in Liongard to monitor these CIS Controls:

  1. Step 1: Select relevant alert rules for your MSP and/or customers (Use our library of alerts or customize your own.)
  2. Step 2: Turn the rules on in a Template and decide which Environments to apply it to. It’s easy to start with a controlled test using a few rules and one customer Environment.
  3. Step 3: When an alert rule’s threshold is met, an automated alert will be delivered to your destination of choice (Roar, PSA, and/or email), where your team can take the necessary action.

For more help on any of this, you can register for one of our free monthly Liongard Learning Q&A webinars.

Additionally, know that you can also run reports on Liongard data to audit the systems you are managing. For certain tasks like auditing firmware versions of firewalls, it may be easier to run a report in Liongard and create project work to get started. 

Examples of Liongard Rules that Support CIS Controls

The following are just a few examples of Liongard alert rules that MSPs have found useful in supporting specific CIS Controls:

You can view the full set of CIS Control-aligned Actionable Alerts here.

CIS Control #1: Inventory and Control of Enterprise Assets

Approximately 40 Actionable Alerts support this control, including:

  • Active Directory Servers or Workstations at or near End of Support
  • Windows Workstation Drives with Less Than 15% Freespace
  • Devices Added/Removed from a Network

CIS Control #2: Inventory and Control of Software Assets

Approximately 50 Actionable Alerts support this control, including:

  • AWS Change to Buckets List or Volume List
  • M365 Unassigned Licenses
  • TLS/SSL (Auto-Renewing) Certificate Expiration
  • Windows Server and Windows Workstation Upcoming Machine Warranty Expiration

CIS Control #4: Secure Configuration of Enterprise Assets and Software

Approximately 80 Actionable Alerts support this control, including:

  • Changes to Firewall Software Version
  • Changes to Firewall Configuration
  • Windows Server password Policy Modified
  • Windows Workstation Guest Account not Disabled

CIS Control #5: Account Management

Approximately 70 Actionable Alerts support this control, including:

  • Active Directory (Privileged) User with Stale Password
  • Google G Suite/Workspace (Privileged) Users Added/Removed/Modified
  • M365 Changes to Privileged/Active Mail/Enabled Users
  • Windows Server (Local Privileged) User Added/Deleted

CIS Control #6: Access Control Management

Approximately 55 Actionable Alerts support this control, including:

  • AWS Change to Security Groups or Roles List
  • Fortinet Fortigate Access Profiles or Groups Added/Removed Modified
  • M365 Exposure to Accounts with Weak Passwords

CIS Control #9: Email and Web Browser Protections

Approximately 15 Actionable Alerts support this control, including:

  • Internet Domain Changes to A/MX/NS/SPF Records
  • Internet Domain Email Forgery Exposures

CIS Control #10: Malware Defenses

Approximately 9 Actionable Alerts support this control, including:

  • Webroot Infected Device Detected
  • Windows Workstation Change to Antivirus List
  • Windows Workstation Windows Defender Threats
  • SentinelOne Systems with Active Threats

Liongard is rooted in security and transparency best practices to maximize peace of mind for our employees, our MSP partners and their customers. If you’re interested in other security frameworks, we’ve also mapped how Liongard can help support NIST’s Cybersecurity Framework and functions here.


Get The Latest Insights Delivered To Your Inbox

Liongard needs the contact information you provide to us to contact you about our products and services. You may unsubscribe from these communications at anytime. To review our privacy practices and commitment to protecting your privacy, check out our Privacy Policy.