CIS Controls v8.1 Cloud Companion Guide

CIS Critical Security Controls (CIS Controls) version 8.1 (v8.1) is an iterative update to version 8.0. As part of our process to evolve the CIS Controls, we establish "design principles" that guide us through any minor or major updates to the document. Our design principles for this revision are context, clarity, and consistency. Context enhances the scope and practical applicability of Safeguards by incorporating specific examples and additional explanations. Clarity aligns with other major security frameworks to the extent practical while preserving the unique features of the CIS Controls. Consistency maintains continuity for existing CIS Controls users, ensuring little to no change due to this update.

In this document, we provide guidance on how to apply the security best practices found in CIS Controls v8.1 to any cloud environment from the consumer/customer perspective. For each top-level CIS Control, there is a brief discussion on how to interpret and apply the CIS Control in such environments along with any unique considerations or differences from common IT environments.

By reading through CIS Controls v8.1 with this companion guide, the reader should be able to tailor the CIS Controls in the context of a specific IT/Operational Technology (OT) cloud enterprise as an essential starting point for a security improvement assessment and roadmap. (OT is hardware and software that detects or causes a change through the direct monitoring and/or control of physical devices, processes, and events in the enterprise.)

Finally, this document is also intended to guide enterprises that use cloud-based services in the agile software development process. DevSecOps, which is short for "development, security, and operations," automates the integration of security at every phase of the development life cycle of the software and its underlying infrastructure, from initial design through integration, testing, deployment, and software delivery. CIS Control 16 will cover these aspects.