GRCWatch
Sign inStart free trial

CIS Control 1.3: Utilize an Active Discovery Tool

Blind spots in your IT infrastructure are compliance liabilities. CIS Control 1.3 requires deploying active discovery tools to continuously identify all assets connected to your enterprise network. Without visibility into what's actually connected, you can't protect it—and auditors will notice.

What this means

Active discovery tools automatically scan your network to identify connected devices, applications, and services in real-time. This goes beyond passive monitoring: active discovery actively probes the network to map all assets, including rogue devices and unauthorized connections. The CIS framework requires this discovery to run daily at minimum, ensuring your asset inventory stays current as new devices join and leave the network.

How to comply

  1. 1.Select an active discovery tool that supports your network architecture (cloud, on-premise, hybrid, or multi-cloud)
  2. 2.Configure the tool to scan your entire network scope at least daily, adjusting frequency for high-risk environments
  3. 3.Establish automated asset tagging and classification based on device type, location, and business unit
  4. 4.Integrate discovery results with your CMDB or asset management system to maintain a single source of truth
  5. 5.Set up alerts for new, unknown, or unauthorized devices detected on the network
  6. 6.Review and validate discovered assets weekly to eliminate false positives and update your official asset inventory
  7. 7.Document your discovery tool configuration, scan schedules, and results retention policies

Evidence auditors look for

  • Active discovery tool configuration reports showing daily scan scheduling
  • Network scan logs with timestamps and discovered asset counts
  • Asset inventory reports generated from discovery tool output
  • Alerts and incident records for unauthorized devices detected
  • Integration documentation showing discovery tool connected to CMDB
  • Validation records showing asset inventory reconciliation
  • Tool vendor documentation and licensing proof

Frequently asked questions

When will FAQs be available?

The FAQ for this control is currently being prepared.

GRCWatch automates daily asset discovery across your entire infrastructure, automatically logs scan results as compliance evidence, and flags unauthorized devices in real-time—eliminating manual scanning and evidence collection for CIS 1.3 audits.

See how GRCWatch handles this control automatically

Start free trial

Related controls

CIS 1.1 — Establish and Maintain Detailed Enterprise Asset InventoryCIS 1.2 — Address Unauthorized AssetsCIS 2.1 — Establish and Maintain a Software Inventory