CIS Critical Security Controls v7.1
The CIS Critical Security Controls (CIS Controls) have been updated to keep up with the ever-changing cyber ecosystem. CIS Controls v8.1 is an iterative update to v8. As part of our process to evolve the CIS Controls, we establish "design principles" that guide us through any minor or major updates to the document. Our design principles for v8.1 are context, clarity, and consistency.
Learn more about CIS Controls v8.1.Still need CIS Controls v7.1? Read on to learn more about this version of the CIS Controls.
With the release of CIS Controls v6 in October 2015, we put in place the means to better understand the needs of adopters, gather ongoing feedback, and understand how the security industry supports the CIS Controls. We used this to drive the evolution of v7 and also v7.1.
In addition to the critical tenets of cyber defense, we also tried to ensure that every CIS Control is clear, concise, and current. While there’s no magic bullet when defining security controls, we believe this version sets the foundation for much more straightforward and manageable implementation, measurement, and automation.
At CIS, we listen carefully to all of your feedback and ideas for the CIS Controls. In particular, many of you have asked for more help with prioritizing and phasing in the CIS Controls for your cybersecurity program. This topic deserved a substantial treatment and resulted in the creation of Implementation Groups (IGs). As such, the following principles were used to drive the v7.1 update.
- Reassess the prioritization scheme for the CIS Controls down to the level of Sub-Controls (now referred to as CIS Safeguards beginning in v8) given the evolving threat landscape and resource constraints;
- Fix minor typos and errors;
- Enhance the clarity and readability of the CIS Controls and Sub-Controls; and
- Refrain from adding or subtracting from the technical content, or “spirit,” of a CIS Control or Sub-Control.
