18 CIS Controls
The CIS Controls have moved from v7 to v8 and with that update have consolidated the controls from 20 down to 18. These are the new 18 CIS Controls that outline what an organization should do to defend itself. One of the benefits of the new version is that it is designed to be compatible with modern and ever-changing systems. Cloud-based computing, mobile devices, and working from home are all taken into consideration in the consolidated CIS Controls.
CIS Control 1 – Inventory and Control of Enterprise Assets
CIS Control 1 requires managing every enterprise asset connected to the infrastructure, whether physical, virtual, remote, or hosted in a cloud environment. This is done so that all of the assets that need to be monitored and protected within the enterprise are known.
CIS Control 2 – Inventory and Control of Software Assets
Manage all software on your network so that only authorized software is installed and can execute. This also allows unauthorized software to be found and removed in order to keep it from executing malicious tasks.
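Controls 1 and 2 both come down to the same routine: compare what is actually on the network against what the enterprise has authorized, then act on the differences. The script below is an added example (not CIS's tooling and not part of the original post) that reconciles a constructed scan export against a constructed authorized inventory and software allowlist. The MAC addresses, hostnames, package names and the REQUIRED_SOFTWARE set are all invented for the example; a real run would read the scan and inventory from your asset-management and endpoint-agent exports instead.

```python
"""Reconcile discovered assets and installed software against an authorized
inventory (CIS Controls 1 and 2). Added example with constructed sample data."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Record:
    """One discovered device, as a network or endpoint-agent scan might export it."""
    mac: str
    hostname: str
    ip: str
    software: frozenset  # package names reported as installed


# Authorized asset inventory keyed by MAC address (constructed sample, Control 1).
AUTHORIZED_ASSETS = {
    "aa:bb:cc:00:00:01": {"hostname": "fin-laptop-01", "owner": "finance"},
    "aa:bb:cc:00:00:02": {"hostname": "hr-laptop-02", "owner": "hr"},
    "aa:bb:cc:00:00:03": {"hostname": "web-srv-01", "owner": "it"},
}

# Only these packages may be installed anywhere (constructed allowlist, Control 2).
SOFTWARE_ALLOWLIST = frozenset(
    {"edr-agent", "patch-agent", "vpn-client", "office-suite", "web-server"}
)

# Packages every authorized asset must be running (constructed, hypothetical policy).
REQUIRED_SOFTWARE = frozenset({"edr-agent", "patch-agent"})

# Constructed scan results. Note the upper-case MAC: exports are not consistent.
OBSERVED = [
    Record("AA:BB:CC:00:00:01", "fin-laptop-01", "10.0.1.10",
           frozenset({"edr-agent", "patch-agent", "office-suite", "vpn-client"})),
    Record("aa:bb:cc:00:00:02", "hr-laptop-02", "10.0.1.11",
           frozenset({"edr-agent", "office-suite", "torrent-client"})),
    Record("de:ad:be:ef:00:99", "unknown-device", "10.0.1.77",
           frozenset({"remote-admin-tool"})),
]


def normalize_mac(mac: str) -> str:
    """Canonical lower-case colon form so the same device matches across exports."""
    return mac.strip().lower().replace("-", ":")


def reconcile(authorized, observed, allowlist, required):
    """Return the four findings a CIS 1/2 review wants: devices seen but not
    authorized, authorized devices not seen, disallowed packages, and required
    packages that are absent."""
    seen = {normalize_mac(r.mac): r for r in observed}
    known = {normalize_mac(m): info for m, info in authorized.items()}

    unknown_assets = sorted(m for m in seen if m not in known)
    missing_assets = sorted(m for m in known if m not in seen)

    unauthorized_software = {}
    missing_software = {}
    for mac, rec in seen.items():
        if mac not in known:
            continue  # already a Control 1 finding; investigate the device first
        extra = rec.software - allowlist
        if extra:
            unauthorized_software[rec.hostname] = sorted(extra)
        absent = required - rec.software
        if absent:
            missing_software[rec.hostname] = sorted(absent)

    return {
        "unknown_assets": unknown_assets,
        "missing_assets": missing_assets,
        "unauthorized_software": unauthorized_software,
        "missing_software": missing_software,
    }


if __name__ == "__main__":
    findings = reconcile(AUTHORIZED_ASSETS, OBSERVED, SOFTWARE_ALLOWLIST, REQUIRED_SOFTWARE)
    for category, items in findings.items():
        print(f"{category}: {items}")
```

Each finding maps to a follow-up action: an unknown asset is either onboarded into the inventory or removed from the network, a missing asset is checked for decommissioning or an offline state, and the software findings go to removal or agent deployment. The MAC normalization matters in practice because scans and inventories rarely agree on case or separator, and a mismatch silently turns a known device into a false "unknown asset" finding.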
CIS Control 3 – Data Protection
Develop processes and controls to identify, classify, handle and dispose of data. Knowing what data you have and how to organize and protect it is crucial to defending against cyber attacks.
CIS Control 4 – Secure Configuration of Enterprise Assets and Software
Maintain the secure configuration of enterprise assets as well as software. This includes portable and mobile devices as well as IoT devices and operating systems and applications.
CIS Control 5 – Account Management
This control uses processes and tools to assign and manage authorization to credentials for user accounts. This includes admin accounts, service accounts, and enterprise assets and software.
CIS Control 6 – Access Control Management
Use tools and processes to create, assign, manage, and revoke access credentials and privileges for user, admin, and service accounts.
CIS Control 7 – Continuous Vulnerability Management
Develop a plan to consistently assess and track vulnerabilities on all enterprise assets within the enterprise's infrastructure. Continually looking for threats and attack vectors helps minimize risk.
CIS Control 8 – Audit Log Management
Collect, alert on, review, and retain audit logs of events that could help detect and recover from an attack.
CIS Control 9 – Email and Web Browser Protections
Improve protections and detection from email and web vectors. These are popular ways for hackers to attack workers directly and gain a foothold into your organization.
CIS Control 10 – Malware Defenses
Take steps to control the installation, spread and execution of malicious software, code or scripts that could harm enterprise assets.
CIS Control 11 – Data Recovery
Establish data recovery practices to restore assets to a pre-incident state.
CIS Control 12 – Network Infrastructure Management
Establish, implement, and actively manage network devices, in order to prevent attackers from exploiting access points.
CIS Control 13 – Network Monitoring and Defense
Operate processes and tooling to establish and maintain comprehensive network monitoring and defense against security threats.
CIS Control 14 – Security Awareness and Skills Training
Create a security awareness training program to help establish security knowledge amongst employees.
CIS Control 15 – Service Provider Management
Develop a process to evaluate service providers who hold sensitive data, or are responsible for an enterprise’s critical IT platforms.
CIS Control 16 – Application Software Security
Manage the security life cycle of in-house developed, hosted, or acquired software to prevent, detect, and remediate security weaknesses before they have a chance to harm your organization.
CIS Control 17 – Incident Response Management
Create a program to develop and maintain an incident response plan to prepare for the possibility of attack.
CIS Control 18 – Penetration Testing
Through penetration testing you can test the effectiveness of the plans and processes you have in place, as well as your employees' preparedness, by simulating an attacker.
You can learn more about the new CIS Controls v8 by visiting the CIS Controls website.
Make sure you never gamble with security and trust CIT with all of your cybersecurity needs!
CorpInfoTech (Corporate Information Technologies) provides small to mid-market organizations with expert I.T. services including compliance assessment, cybersecurity penetration tests, and comprehensive business continuity planning services. Corporate Information Technologies can help organizations quantify, create, refine, and mitigate the risks presented by business-threatening disasters in whatever form they may be disguised.