# CIS Controls: Vectimus Mapping
The CIS Critical Security Controls define prioritised security actions. Vectimus maps to Control 16 (Application Software Security) by preventing AI agents from exposing application secrets and credentials.
## CIS-16: Application Software Security
Coverage: PARTIAL
CIS Control 16 covers secure software development practices including managing application secrets, using approved software components and performing security testing. Vectimus enforces the credential protection aspect:
- Secret protection: Blocks agent reads of `.env` files, SSH private keys, AWS credential files and `.npmrc` files containing auth tokens
- Secrets directories: Blocks access to common secrets directories and credential stores
Key rules: secrets (001-004)
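The credential-protection behaviour described above amounts to a gate in front of the agent's file-read tool: normalise the requested path, refuse it if it names a secret file or sits under a credential store, and refuse the content if it turns out to be a private key under an innocuous name. The following is an added illustration of that gate, written for this page; it is not Vectimus's code or rule syntax, and the deny-list patterns, the allowed `.env.example`-style exceptions, the `/home/agent` home and working directories, and the in-memory sample filesystem are all constructed assumptions.

```python
import posixpath
import re
from typing import Callable, Optional, Tuple

# Constructed deny-list for a file-read gate placed in front of an AI agent.
# Illustrative only: not Vectimus's own rule set or rule syntax.
SECRET_FILE_RES = [
    re.compile(r"(^|/)\.env(\.[\w-]+)?$"),             # .env and .env.<stage>
    re.compile(r"(^|/)id_(rsa|dsa|ecdsa|ed25519)$"),  # default SSH private key names
    re.compile(r"(^|/)\.aws/credentials$"),            # AWS CLI credential file
    re.compile(r"(^|/)\.npmrc$"),                      # npm config; commonly holds auth tokens
]
# Directories treated as credential stores: any file beneath them is refused.
SECRET_DIRS = {".ssh", ".aws", ".gnupg", "secrets"}
# .env variants that by convention hold placeholders rather than real values (assumed policy).
ALLOWED_BASENAMES = {".env.example", ".env.sample", ".env.template"}

HOME = "/home/agent"            # assumed home directory of the agent's sandbox
CWD = "/home/agent/project"     # assumed working directory of the agent

def normalise(path: str) -> str:
    """Resolve ~, relative paths and '..' so alternative spellings hit the same rule.
    POSIX paths only; a real gate would also resolve symlinks against the real filesystem."""
    p = path
    if p == "~" or p.startswith("~/"):
        p = HOME + p[1:]
    if not p.startswith("/"):
        p = CWD + "/" + p
    return posixpath.normpath(p)

def is_secret_path(path: str) -> bool:
    """True if the normalised path names a secret file or lies under a credential store."""
    p = normalise(path)
    if posixpath.basename(p) in ALLOWED_BASENAMES:
        return False
    directories = p.split("/")[:-1]
    if any(seg in SECRET_DIRS for seg in directories):
        return True
    return any(rule.search(p) for rule in SECRET_FILE_RES)

_PEM_PRIVATE_KEY_RE = re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----")

def looks_like_private_key(data: bytes) -> bool:
    """Content check: catches a key copied to a harmless-looking name such as backup.txt."""
    head = data[:512].decode("ascii", errors="ignore")
    return bool(_PEM_PRIVATE_KEY_RE.search(head))

def gate_read(path: str, reader: Callable[[str], bytes]) -> Tuple[bool, str, Optional[bytes]]:
    """Decide whether the agent's read tool may return this file.
    The gate itself performs the read so the content check runs before the agent sees anything."""
    if is_secret_path(path):
        return False, f"denied: {path} matches a secret-file rule", None
    data = reader(path)
    if looks_like_private_key(data):
        return False, f"denied: {path} contains a PEM private key", None
    return True, "allowed", data

# Constructed in-memory filesystem standing in for the agent's sandbox.
SAMPLE_FS = {
    "/home/agent/project/.env": b"DB_PASSWORD=example-only\n",
    "/home/agent/project/.env.example": b"DB_PASSWORD=\n",
    "/home/agent/project/src/app.py": b"print('hello')\n",
    "/home/agent/.ssh/id_ed25519": b"-----BEGIN OPENSSH PRIVATE KEY-----\n(constructed)\n",
    "/home/agent/project/notes/backup.txt": b"-----BEGIN RSA PRIVATE KEY-----\n(constructed)\n",
}

def sample_reader(path: str) -> bytes:
    return SAMPLE_FS.get(normalise(path), b"")

if __name__ == "__main__":
    for requested in [".env", ".env.example", "src/app.py", "~/.ssh/id_ed25519",
                      "src/../../.aws/credentials", "notes/backup.txt"]:
        allowed, reason, _ = gate_read(requested, sample_reader)
        print(f"{requested:30} -> {reason}")
```

The path check alone is bypassed by renaming a key, which is why the gate also inspects the first bytes of whatever it reads; the `..` traversal case shows why normalisation has to happen before any pattern is applied.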
## Summary
| Control | Name | Coverage | Notes |
|---|---|---|---|
| CIS-16 | Application Software Security | PARTIAL | Credential and secret protection |
## What Vectimus does not cover
CIS Controls span 18 control families covering the full security lifecycle. Vectimus maps to one control where AI agent actions directly expose application secrets. The following sit outside scope:
- CIS-1 to CIS-6: Asset inventory, software inventory, data protection, secure configuration, account management, access control management
- CIS-7 to CIS-15: Vulnerability management, audit log management, email and browser protections, malware defences, data recovery, network monitoring, security awareness, service provider management, incident response
- CIS-17 to CIS-18: Incident response management, penetration testing
Organisations should treat Vectimus as one control within a broader CIS implementation, not as a replacement for the controls framework.