Cybersecurity: Using Liongard To Support CIS Controls


As cybersecurity remains a core concern for MSPs, it can be daunting to stay on top of the many issues and best practices out there. Fortunately, organizations like the Center for Internet Security (CIS) have put together simplified guidelines to help you protect your business and clients against cyber threats. The CIS team of global experts developed 20 Critical Security Controls with prescriptive actions you can take to mitigate risk. Let’s dive in to see how Liongard can help your team support these CIS Controls.

 The Connection between Liongard and CIS Controls

Liongard provides MSPs with fresh, automated system data, which allows you to monitor customer environments for critical changes and receive alerts when something needs your attention. Liongard’s alerts span critical systems like Office 365, Active Directory, SQL Servers, firewalls, and more—and they help support specific CIS Controls.

We’ve gone through our library of alert rules and matched each one to the corresponding CIS Control it supports. In some cases, our alerts overlap to support more than one CIS Control, so we’ve mapped them to the most relevant control in each case.

How to Use Liongard to Implement CIS Controls

Access and download the list of Liongard Actionable Alerts and the CIS Controls they support here.

For your convenience, the first sheet can be sorted by System Inspector, general purpose, or the CIS Control number. The second sheet includes all of the CIS Controls and reference material. You’ll notice the 20 CIS Controls are broken down into three categories:

1. Basic CIS Controls—these should be implemented in every organization for cyber defense readiness.
2. Foundational CIS Controls, the next step up from basic—smart for any organization to implement.
3. Organizational CIS Controls, distinct from the others and focused more on people and processes.

From there, it’s easy to set up alerts in Liongard to monitor these CIS Controls:

  1. Step 1: Select relevant alert rules for your MSP and/or customers (Use our library of alerts or customize your own.)
  2. Step 2: Turn the rules on in a Template and decide which Environments to apply it to. It’s easy to start with a controlled test using a few rules and one customer Environment.
  3. Step 3: When an alert rule’s threshold is met, an automated alert will be delivered to your destination of choice (Roar, PSA, and/or email), where your team can take the necessary action.

For more help here, register for the Liongard webinar on Standardizing Support Through Actionable Alerts.

Additionally, know that you can also run reports on Liongard data to audit the systems you are managing. For certain tasks like auditing firmware versions of firewalls, it may be easier to run a report in Liongard and create project work to get started. Tune into this live session to learn more about Liongard’s reporting.

Examples of Liongard Rules that Support CIS Controls

The following are just a few examples of Liongard alert rules that MSPs have found useful in supporting specific CIS Controls:

CIS Control #1: Inventory and Control of Hardware Assets

Approximately 25 Actionable Alerts support this control, including:

  • Active Directory servers at or near the end of support
  • Active Directory workstations at or near the end of support

CIS Control #3: Continuous Vulnerability Management

Several Actionable Alerts support this control, including:

  • Active Directory user accounts with brute force attempts
  • Amazon Web Services changes to CloudTrails enabled

CIS Control #4: Controlled Use of Administrative Privileges

About 20 Actionable Alerts support this control, including:

  • Active Directory, Office 365, SonicWall and SQL Server changes to privileged users
  • Active Directory and Office 365 privileged users with stale passwords

CIS Control #11: Secure Configuration for Network Devices, such as Firewalls, Routers and Switches

Approximately 65 related Actionable Alerts support this control, including:

  • SonicWall NAT policies added, removed or modified
  • Fortinet firewall policies added, removed or modified

CIS Control #16: Account Monitoring and Control

More than 60 related Actionable Alerts support this control, including:

  • Office 365 exposure to accounts with stale passwords
  • Internet Domain registrants contact details modified
  • VMWare ESXI with users list modified
  • Active Directory and Office 365 with no password expiration policy


Liongard is rooted in security and transparency best practices to maximize peace of mind for our employees, our MSP partners and their customers. For more on how to utilize Liongard to manage your CIS Controls, watch our webinar today. If you’re interested in other security frameworks, we’ve also mapped how Liongard can help support NIST’s Cybersecurity Framework and functions here.


Get The Latest Insights Delivered To Your Inbox

Liongard needs the contact information you provide to us to contact you about our products and services. You may unsubscribe from these communications at anytime. To review our privacy practices and commitment to protecting your privacy, check out our Privacy Policy.