The framework has been enhanced to keep up with the ever-changing cyber ecosystem. The Safeguards have been segmented into implementation groups (IGs): IG1, IG2, and IG3. IG1 defines basic cyber hygiene and is the minimum standard of enterprise information security. IG2 expands upon the foundation of IG1, further strengthening controls and safeguards. IG3 encompasses a comprehensive set of controls and safeguards for enhanced security. Each Safeguard describes a single focused task, details measurable actions, and defines metrics.
The newest update eliminates the focus on role-based controls and the rigidity of physical device boundaries. It also reduces the number of controls from 20 to 18, as discrete islands of security implementation are now considered less important. The CIS Controls have been organized in a specific order to prioritize cybersecurity activities for businesses. A subset of the first six CIS Controls is known as CIS Controls Basic.
The CIS Controls map to more than a dozen industry-standard frameworks like SOC2, HIPAA, MITRE ATT&CK, NIST, PCI DSS, and many more. CIS provides a free web application called the CIS Controls Self-Assessment Tool (CIS CSAT) that enables security leaders to track and prioritize their implementation of the CIS Controls.
The implementation of CIS Controls helps organizations to:
– Implement, track, measure, and assess controls.
– Prioritize controls based on evolving threats.
– Justify investment in CIS Controls implementation.
– Implement CIS Controls best practices for mobile devices and applications.
– Apply CIS Controls best practices to cloud environments.
– Comply with multiple frameworks by using the provided map of regulatory frameworks.
The framework provides backwards compatibility with previous versions and a migration path for users of prior versions to move to v8. SANS provides CIS Controls v8 training, research, and certification, while the CIS Critical Security Controls (CIS Controls) team has created a guide to help organizations create secure cloud environments.
CIS Controls Version 8 is an important cybersecurity framework that helps protect enterprises from modern threats to their systems and software. It provides specific and actionable ways to protect against today’s most pervasive and dangerous attacks and is mapped to multiple legal, regulatory, and policy frameworks. Implementing CIS Controls helps organizations prioritize their resources and ensure the security of their systems and networks. [1][2]