CISA’s Weak Security Controls List, Part 2

Date: 2022-06-22
Author: Carolina Martinez, General Manager

CISA’s Weak Security Controls List - Part 2

Among the CISA’s top 10 list of of weak security controls: “Remote services lack sufficient controls to prevent unauthorized access.” The Cybersecurity & Infrastructure Security Agency (CISA) and other countries’ government authorities published a joint advisory with this list. As mentioned in our previous blog, the authorities researched vulnerabilities used by cyber criminals to gain initial access to a victim’s network and shared how to strengthen them.

The lack of sufficient controls in remote services ranks number 5 on the list. The report states: “During recent years, malicious threat actors have been observed targeting remote services. Network defenders can reduce the risk by adding access control mechanisms. One of these defenders is enforcing MFA (Multi-factor Authentication)”. At Versasec, we believe that it is crucial for cybersecurity providers of all sectors to supply capability and education for their customers to implement MFA solutions. Some great news is that Versasec’s flagship product, vSEC:CMS supports the largest list of credentials on the market, including physical and virtual credentials. As a result, vSEC:CMS facilitates organizations to adopt multi-factor authentication with nearly any budget and for any size of employees.

vSEC:CMS allows for easy integration, management and facilitates the deployment of certificate-based credentials for remote access. The software integrates with a vast array of industry leaders. Certificate-based Virtual Private Networks (VPNs) provide the highest level of security controls and prevent unauthorized access.

While your organization might already be issuing certificate-based credentials for desktop login, it might not be using all that a certificate has to offer. Certificates serve multiple use cases and solutions: disk encryption, digital signatures, in addition to remote access/VPN, among others. vSEC:CMS leverages the investment of certificate-based credentials to be fully used in all its possible use cases.


CISA’s Top 10 Weak Security Controls

Working closely to our customers, it is not a surprise for Versasec to find the most wanted solutions that our customers are looking for on the list of the top 10 vulnerabilities. They are among the pain points our customers have before implementing vSEC:CMS.

  1. Multi-Factor Authentication (MFA) is not enforced.
  2. Incorrectly applied privileges or permissions and errors within access control lists.
  3. Software is not up to date.
  4. Use of vendor-supplied default configurations or default login usernames and passwords.
  5. Remote services, such as a virtual private network (VPN), lack sufficient controls to prevent unauthorized access.
  6. Strong password policies are not implemented.
  7. Cloud services are unprotected.
  8. Open ports and misconfigured services are exposed to the internet.
  9. Failure to detect or block phishing attempts.
  10. Poor endpoint detection and response.

About Versasec

After reading this blog, we invite you to schedule a demo or time with us to discuss further how your organization can easily deploy countermeasures to these vulnerabilities. Versasec specializes in Identity Access Management and provides a powerful digital identity software suite that is cost-effective for organizations of all sizes. Schedule a free demo of our software to adopt best security practices that could save your organization!


Our product suite provides all the software tools to administrate and manage credentials in a secure and convenient way.

Start here

Free Product Trial

Versasec provides enabling IT security products centered on the usage of security devices such as smart cards. Our solutions enable customers to securely authenticate, issue and manage user credentials more cost effectively. Get a free product trial.

Job Openings

We are always looking for new exceptional persons to join our team! Find out more about our job openings.

Share this article