CIS Controls v8 was enhanced to keep up with modern systems and software. Movement to cloud-based computing, virtualization, mobility, outsourcing, work from home, and changing attacker tactics prompted the update, which supports an enterprise’s security as it moves to both fully cloud and hybrid environments.
Our design principles include:
- Offense Informs Defense
  - CIS Controls are selected, dropped, and prioritized based on data and on specific knowledge of attacker behavior and how to stop it.
- Focus
  - Help defenders identify the most critical things they need to do to stop the most important attacks.
  - Avoid being tempted to solve every security problem — avoid adding “good things to do” or “things you could do.”
- Feasible
  - All individual CIS Safeguards must be specific and practical to implement.
- Measurable
  - All CIS Controls, especially for Implementation Group 1, must be measurable.
  - Simplify or remove ambiguous language to avoid inconsistent interpretation.
  - Some Safeguards may have a threshold.
- Align
  - Create and demonstrate “peaceful co-existence” with other governance, regulatory, process management schemes, frameworks, and structures.
  - Cooperate with and point to existing, independent standards and security recommendations where they exist (e.g., National Institute of Standards and Technology® (NIST®), Cloud Security Alliance (CSA), Software Assurance Forum for Excellence in Code (SAFECode), MITRE ATT&CK®, and Open Web Application Security Project® (OWASP®)).
Looking for a more recent version? Download CIS Controls v8.1