CIS_v8 13: CIS Control 13
AL
Founder at SQUR · last verified 2026-06-19
Regulation text
Operate processes and tooling to establish and maintain comprehensive network monitoring and defence against security threats across the enterprise's network infrastructure and user base.
ATT&CK techniques this article tests · 15
| Technique | Why it maps | Confidence |
|---|---|---|
| T1190 | Network monitoring detects attempts to exploit public-facing applications, identifying unusual traffic patterns or known exploit signatures. This directly supports "defence against security threats" as per CIS Control 13. | 100% |
| T1078 | Comprehensive network monitoring identifies anomalous login attempts or unusual activity from valid accounts, indicating potential compromise. This aligns with "comprehensive network monitoring" as per CIS Control 13. | 90% |
| T1059 | Network defense tools detect command and control (C2) traffic generated by command and scripting interpreters, preventing further compromise. This supports "defence against security threats" as per CIS Control 13. | 70% |
| T1133 | Network monitoring identifies unauthorized external remote services connections, preventing persistent access. This directly supports "comprehensive network monitoring and defence" as per CIS Control 13. | 100% |
| T1068 | Network defense systems detect exploit attempts targeting vulnerabilities for privilege escalation, blocking initial stages of attack. This aligns with "defence against security threats" as per CIS Control 13. | 80% |
| T1027 | Network monitoring detects obfuscated or encrypted command and control (C2) traffic, identifying attempts to evade detection. This supports "comprehensive network monitoring" as per CIS Control 13. | 90% |
| T1046 | Network monitoring detects and alerts on network service scanning activities, preventing reconnaissance. This directly supports "comprehensive network monitoring" as per CIS Control 13. | 100% |
| T1018 | Network monitoring identifies internal remote system discovery attempts, preventing lateral movement. This directly supports "comprehensive network monitoring" as per CIS Control 13. | 100% |
| T1021 | Network monitoring detects unauthorized use of remote services for lateral movement, preventing spread of compromise. This directly supports "comprehensive network monitoring and defence" as per CIS Control 13. | 100% |
| T1003 | Network monitoring detects the use of dumped credentials for lateral movement or access to network resources. This supports "comprehensive network monitoring" as per CIS Control 13. | 80% |
| T1005 | Network monitoring detects unusual outbound traffic patterns indicative of data collection and exfiltration from local systems. This supports "comprehensive network monitoring" as per CIS Control 13. | 80% |
| T1071 | Network monitoring identifies command and control (C2) communications using application layer protocols, enabling early detection. This directly supports "comprehensive network monitoring" as per CIS Control 13. | 100% |
| T1090 | Network monitoring detects suspicious proxy usage for command and control (C2) or data exfiltration. This supports "comprehensive network monitoring" as per CIS Control 13. | 90% |
| T1041 | Network monitoring detects data exfiltration over command and control (C2) channels, preventing data loss. This directly supports "comprehensive network monitoring and defence" as per CIS Control 13. | 100% |
| T1490 | Network monitoring detects unusual network activity or service disruptions associated with attempts to inhibit system recovery. This supports "defence against security threats" as per CIS Control 13. | 70% |
Defending mitigations · 6
| Mitigation | What it does | Confidence |
|---|---|---|
| M1031 | Network segmentation limits the scope of network attacks, directly supporting "defence against security threats" as per CIS Control 13. | 100% |
| M1035 | Limiting network access to resources reduces the attack surface, directly supporting "defence against security threats" as per CIS Control 13. | 100% |
| M1037 | Filtering network traffic blocks malicious communications, directly supporting "defence against security threats" as per CIS Control 13. | 100% |
| M1040 | Network intrusion prevention systems actively block known threats, directly supporting "defence against security threats" as per CIS Control 13. | 100% |
| M1047 | Network monitoring generates audit logs, providing data for threat detection and incident response. This supports "comprehensive network monitoring" as per CIS Control 13. | 90% |
| M1048 | Network allowlists and denylists control permitted network traffic, directly supporting "defence against security threats" as per CIS Control 13. | 100% |
Underlying weaknesses · 6
| CWE | Why it persists | Confidence |
|---|---|---|
| CWE-200 | Inadequate network monitoring allows sensitive information exposure during network transmission or access. This directly relates to "comprehensive network monitoring" as per CIS Control 13. | 90% |
| CWE-284 | Poor network access controls enable unauthorized network access, which network defense aims to prevent. This relates to "defence against security threats" as per CIS Control 13. | 90% |
| CWE-287 | Improper authentication on network services allows unauthorized access, which network monitoring helps detect. This relates to "comprehensive network monitoring" as per CIS Control 13. | 90% |
| CWE-306 | Missing authentication for critical network functions allows unhindered access, which network defense must prevent. This relates to "defence against security threats" as per CIS Control 13. | 90% |
| CWE-732 | Incorrect permissions on network resources allow unauthorized access, which network monitoring can detect. This relates to "comprehensive network monitoring" as per CIS Control 13. | 80% |
| CWE-668 | Exposure of network resources to unintended spheres increases attack surface, which network defense aims to mitigate. This relates to "defence against security threats" as per CIS Control 13. | 90% |
What SQUR Covers
Web application + API pentesting for OWASP Top 10, business logic flaws, authentication bypass, injection attacks, and other application-layer vulnerabilities. €1,995 per scan, 24-hour turnaround, EU-only data.
What SQUR Does Not Cover
Internal network pentesting, endpoint security testing, physical security assessments, social engineering, or ICT third-party concentration risk reviews. Engage a complementary provider for those scope items.
Provenance
Mapped Q2.2026 using gemini-2.5-flash · €0.0187 compute · voice-rubric self-validated