>_ AYSOLI SECURITY HUB

Threat Modeling

Controls Library

All security controls mapped to CIS v8 and NIST CSF. Use the filter to view controls by framework.

Framework93 controls
CIS 1Inventory of Enterprise Assets
6
BaselineMedium

API Asset Inventory

CIS: 1.1
ExtendedMedium

Infrastructure as Code (IaC) Scanning

CIS: 1.1
ExtendedMedium

SaaS Security Posture Management (SSPM)

CIS: 1.1
BaselineLow

Hardware Asset Tagging

CIS: 1.1
ExtendedMedium

External Attack Surface Management (EASM)

CIS: 1.1
BaselineMedium

API Documentation & Inventory

CIS: 1.1
CIS 2Inventory of Software Assets
2
ExtendedMedium

AI Plugin Sandboxing

CIS: 2.1
ExtendedMedium

PowerShell Constrained Language Mode

CIS: 2.1
CIS 4Secure Configuration
5
BaselineMedium

Strict Cache-Control & Cache-Key Configuration

CIS: 4.1
BaselineLow

Device Compliance Policies

CIS: 4.1
BaselineLow

Remote Wipe (Selective)

CIS: 4.10
BaselineLow

Secret Scanning in Code Repositories

CIS: 4.1
BaselineMedium

Endpoint Compliance (Intune)

CIS: 4.1
CIS 5Account Management
3
BaselineLow

Cloud Resource Locking

CIS: 5.1
BaselineMedium

Partner Account Deprovisioning

CIS: 5.3
BaselineLow

Jailbreak & Root Detection

CIS: 5.1
CIS 6Access Control Management
22
BaselineLow

Regular Access Reviews

CIS: 6.6
ExtendedLow

Adaptive MFA (Risk-based)

CIS: 6.5
BaselineLow

Break-Glass Accounts

CIS: 6.5
ExtendedHigh

Privileged Access Workstation (PAW)

CIS: 6.4
BaselineMedium

Privileged Identity Management (PIM)

CIS: 6.2
ExtendedHigh

Tiered Administration Model

CIS: 6.2
ExtendedHigh

Mutual TLS (mTLS)

CIS: 6.3
BaselineLow

Terms of Use (B2B)

CIS: 6.2
ExtendedMedium

IAM Permissions Boundaries

CIS: 6.2
ExtendedLow

MFA for Deletion Operations

CIS: 6.5
BaselineMedium

Conditional Access Policies

CIS: 6.1
BaselineMedium

FIDO2 Enforcement

CIS: 6.5
ExtendedLow

Mailbox Delegation Monitoring

CIS: 6.2
BaselineMedium

Automated Offboarding Workflow

CIS: 6.7
ExtendedMedium

Centralized Secrets Vaulting

CIS: 6.12
BaselineLow

Guest Invitation Governance

CIS: 6.2
BaselineMedium

Least Privilege Principle

CIS: 6.2
BaselineLow

Modern Auth Enforcement

CIS: 6.1
ExtendedMedium

MFA for Windows Sign-in

CIS: 6.5
ExtendedMedium

Tenant Restrictions

CIS: 6.1
BaselineMedium

Fine-Grained RBAC / ABAC

CIS: 6.2
BaselineLow

Strict Transport Security (TLS 1.3)

CIS: 6.3
CIS 7Continuous Vulnerability Management
1
BaselineMedium

Local Patch Management (OS / Firmware)

CIS: 7.1
CIS 8Audit Log Management
4
ExtendedMedium

API Security Audit (Logging)

CIS: 8.5
ExtendedMedium

Immutable Audit Logs

CIS: 8.2
BaselineLow

Unified Audit Log (UAL)

CIS: 8.2
ExtendedHigh

SIEM Integration

CIS: 8.5
CIS 9Email and Web Browser Protections
4
BaselineLow

Anti-Phishing & Anti-Spam Policies

CIS: 9.2
BaselineMedium

Email Authentication (SPF, DKIM, DMARC)

CIS: 9.1
BaselineLow

Mailflow Rules (Transport Rules)

CIS: 9.3
BaselineLow

ATP Safe Links & Attachments

CIS: 9.2
CIS 12Network Infrastructure Management
9
BaselineLow

B2B IP Allowlisting

CIS: 12.10
BaselineLow

Rate Limiting & Throttling

CIS: 12.1
ExtendedHigh

Zero Trust Network Access (ZTNA)

CIS: 12.2
ExtendedMedium

Automated Certificate Rotation

CIS: 12.7
BaselineMedium

Network Segmentation (VLAN / Firewall Zones)

CIS: 12.2
BaselineLow

Trusted Certificate Profiles

CIS: 12.7
ExtendedMedium

Bot Management & Anti-Scraping

CIS: 12.1
BaselineLow

CAPTCHA / Proof-of-Work

CIS: 12.1
ExtendedMedium

Egress Filtering (SSRF Protection)

CIS: 12.2
CIS 13Network Monitoring and Defense
11
ExtendedHigh

Automatic Data Classification

CIS: 13.1
ExtendedHigh

Exact Data Matching (EDM)

CIS: 13.1
ExtendedMedium

Endpoint DLP Policies

CIS: 13.3
ExtendedMedium

OCR for DLP

CIS: 13.3
BaselineMedium

Data Loss Prevention (DLP)

CIS: 13.3
BaselineMedium

Data Erasure Process (Right to be Forgotten)

CIS: 13.3
ExtendedHigh

Sensitivity Labels (Purview)

CIS: 13.2
BaselineLow

External Sharing Governance

CIS: 13.3
BaselineLow

Mobile Application Management (MAM)

CIS: 13.3
BaselineLow

App Protection - Screen Capture Block

CIS: 13.3
BaselineLow

Collaboration Governance

CIS: 13.3
CIS 14Security Awareness and Skills Training
1
ExtendedLow

OSINT Hygiene & Information Minimization

CIS: 14.7
CIS 15Service Provider Management
1
ExtendedHigh

Partner Security Assessment (Supply Chain)

CIS: 15.1CIS: 15.2
CIS 16Application Software Security
13
BaselineMedium

Strict Schema Validation

CIS: 16.11
ExtendedMedium

Advanced Threat Protection (WAF)

CIS: 16.11
ExtendedMedium

DDoS Protection & Rate Limiting

CIS: 16.10
ExtendedMedium

Code Scanning (SAST / Secret Scanning)

CIS: 16.3
BaselineLow

Restricted App Consent

CIS: 16.1
BaselineLow

CORS Configuration

CIS: 16.11
BaselineMedium

Content Security Policy (CSP)

CIS: 16.11
BaselineLow

Security Headers (X-Frame / Content-Type)

CIS: 16.11
BaselineLow

HTTP Strict Transport Security (HSTS)

CIS: 16.11
BaselineMedium

Input Validation & Sanitization

CIS: 16.11
ExtendedMedium

Software Composition Analysis (SCA)

CIS: 16.7
BaselineLow

Subresource Integrity (SRI)

CIS: 16.11
ExtendedMedium

Virtual Patching via WAF

CIS: 16.11
CIS 17Incident Response Management
7
BaselineLow

AI Usage Policies

CIS: 17.1
ExtendedLow

Dark Web & Credential Leak Monitoring

CIS: 17.2
BaselineLow

Data Processing Agreement (DPA)

CIS: 17.3
BaselineMedium

Privacy by Design Guardrails

CIS: 17.3
BaselineMedium

Incident Response Playbook (Admin Compromise)

CIS: 17.3CIS: 17.4
BaselineLow

Incident Response Playbook (BYOD Security Incident)

CIS: 17.3CIS: 17.4
BaselineLow

Incident Response Playbook (Partner Compromise)

CIS: 17.3CIS: 17.4
CIS 18Penetration Testing
4
ExtendedHigh

Continuous AI Red Teaming

CIS: 18.1
ExtendedMedium

Dynamic Application Security Testing (DAST)

CIS: 18.1
ExtendedHigh

Manual Business Logic Review

CIS: 18.1
ExtendedHigh

Regular Penetration Testing

CIS: 18.1
Controls Library · AYSOLI Threat Modeling