Maintain Current Contact Details Rule
This rule emphasizes the importance of updating and maintaining accurate contact information.
| Rule | Maintain current contact details |
| Framework | cis_v130 |
| Severity | ✔ Critical |
Maintain Current Contact Details for CIS v1.3.0
CIS (Center for Internet Security) benchmarks are a set of best practices for securely configuring a system. Specifically, "Maintain Current Contact Details" refers to the requirement of updating contact details associated with administrative or privileged accounts to ensure that communications regarding security alerts and notifications are properly received.
Description of the Rule
The primary intent of maintaining current contact details within CIS benchmarks is to ensure that critical information is directed to the appropriate individuals or teams without delay. This information usually includes security alerts, updates on security patches, and any notifications that may affect the secure configuration or status of the system. This rule is especially crucial in larger organizations, where personnel changes can occur frequently.
Key Considerations:
- All administrative accounts must have up-to-date contact information.
- Email addresses and phone numbers should be reviewed regularly to ensure accuracy.
- Alerts and notifications should be configured to reach these contacts promptly.
- Processes should be in place for regular review and update of this information.
Troubleshooting Steps
If an issue arises where contact details appear to not be up-to-date or notifications are not being received:
- 1.Verify the current contact details for all privileged accounts.
- 2.Check email server settings and spam filters to ensure alerts are not being blocked.
- 3.Test notification systems periodically to ensure they are functioning correctly.
- 4.Review and update contact policies and ensure they include a procedure for regular updates.
Necessary Codes
Retrieving and Updating Contact Details:
Often, contact details will be managed within an organization's user directory or identity management system, such as Active Directory for Windows environments or LDAP for Linux environments.
# For Active directory, use PowerShell to retrieve contact details: Get-ADUser -Filter * -Properties Mail, MobilePhone | ft Name,Mail,MobilePhone # For updating contact details in Active Directory: Set-ADUser -Identity “username” -MobilePhone “newPhoneNumber” -EmailAddress “newEmail”
For Linux systems, updating contact details might involve editing account information in text files or databases where the information is stored. Always check which services are used within your organization to manage this information.
Step by Step Guide for Remediation
- 1.
Audit Current Contact Details: Conduct an audit of all privileged accounts to ensure contact details are accurate. This can be done manually or via scripts depending on the scale.
- 2.
Define Policies: Establish a policy within the organization for maintaining and verifying contact details. Include the frequency and methods used for verification.
- 3.
Implement Alerts: Configure and test alerting mechanisms to verify that they are capable of reaching the updated contacts quickly and reliably.
- 4.
Regular Updates: Schedule regular intervals for updating contact details. These intervals should align with staff changes or at a minimum on an annual basis.
- 5.
Documentation: Document the process and ensure there is a paper trail for changes in contacts for auditing purposes.
- 6.
Communication: Notify all team members about the importance of keeping contact details up to date and provide clear instructions on how to update their information.
By implementing these steps, organizations will satisfy the CIS requirement for maintaining current contact details, thereby contributing to a secure and responsive IT management environment.
The backbone of SEO-friendly and impactful content is clarity and precision without superfluous information. This guide is structured for clear, precise information delivery, thus it should concurrently satisfy SEO requirements.