Guide to Asset Classes: CIS Critical Security Controls v8.1

Cover Image for the Guide to Asset Classes CIS Critical Security Controls v8.1

The CIS Critical Security Controls® (CIS Controls®) are a set of best practices that are designed to protect an enterprise from the most common cyber attacks. In CIS Controls v8, enhancements were made to keep up with evolving technology, evolving threats, and the evolving workplace. A big part of v8’s development involved simplifying the language, ensuring that practical guidance is given and that each Safeguard is measurable.

CIS Controls version 8.1 (v8.1) is an iterative update to version 8. As part of our process to evolve the CIS Controls, we establish "design principles" that guide us through any minor or major updates to the document. Our design principles for this revision are context, clarity, and consistency. Context enhances the scope and practical applicability of Safeguards by incorporating specific examples and additional explanations. Clarity aligns with other major security frameworks to the extent practical while preserving the unique features of the CIS Controls. Consistency maintains continuity for existing CIS Controls users, ensuring little to no change due to this update.

At the very foundation of the CIS Controls are a few critical actions that should be taken before any other Safeguards are implemented, which surround knowing your environment. In order to protect what you have, you first must know what you have. When implementing and auditing the CIS Controls, there are several references to terms such as enterprise assets, software, end user devices, and more. CIS simplified the language in v8 to provide enterprises guidance on how enterprise assets and software are organized in the CIS Controls and to help explain what we mean when we say things like “Establish and Maintain Detailed Enterprise Asset Inventory.” In v8.1, the Center for Internet Security® (CIS®) restructured Asset Classes and their respective definitions to ensure consistency throughout the Controls.

Adopters of the CIS Controls should use this guide as a reference during activities such as implementation or auditing to verify that all in-scope assets are being accounted for and are secured.

pixel