Onapsis has released a new SANS report, “Blueprint for CIS Control Application: Securing the SAP Landscape”, that maps SAP cybersecurity to the CIS Critical Security Controls for Effective Cyber Defense.
The SANS Institute was established in 1989 as a cooperative research and education organization. The CIS Critical Security Controls are a set of internationally recognized standards outlining the most important cyber hygiene actions that every organization should implement to protect its information technology (IT) networks. The standards are developed, refined, validated, and updated by cyber experts who pull data from a variety of public and private threat sources and advise on approaching key controls that block known attacks and find the ones that get through.
The paper maps the CIS Controls for Effective Cyber Defense to SAP's cybersecurity framework by outlining a step-by-step approach organizations can take to secure SAP implementations. This approach is largely application-oriented, but also applies network restrictions to underlying network devices and firewalls, in addition to closing loopholes through operational procedures and training. The four-step approach to applying the CIS Critical Security Controls is:
Step 1: Tailor Enterprise Processes
Step 2: Secure the Landscape
Step 3: Configure the Technical Controls
Step 4: Create the Human Action Framework