18 CIS Controls v8

The CIS Controls have moved from v7 to v8, and the update consolidates the controls from 20 down to 18. These are the new 18 CIS Controls that outline what an organization should do to defend itself. One benefit of the update is that it is designed to be compatible with modern, ever-changing systems. Cloud-based computing, mobile devices, and working from home are all taken into consideration in the consolidation of the CIS Controls.

CIS Control 1 – Inventory and Control of Enterprise Assets

CIS Control 1 requires managing all enterprise assets connected to the infrastructure physically, virtually, or remotely, as well as those within cloud environments. This is done in order to know all of the assets that need to be monitored and protected within the enterprise.

CIS Control 2 – Inventory and Control of Software Assets

Manage all software on your network so that only authorized software is installed and can execute. This also allows unauthorized software to be found and removed in order to keep it from executing malicious tasks.

CIS Control 3 – Data Protection

Develop processes and controls to identify, classify, handle and dispose of data. Knowing what data you have and how to organize and protect it is crucial to defending against cyber attacks.

CIS Control 4 – Secure Configuration of Enterprise Assets and Software

Maintain the secure configuration of enterprise assets as well as software. This includes portable and mobile devices, IoT devices, operating systems, and applications.

CIS Control 5 – Account Management

This control uses processes and tools to assign and manage authorization to credentials for user accounts, including admin accounts and service accounts, to enterprise assets and software.

CIS Control 6 – Access Control Management

Use tools and processes to create, assign, manage, and revoke access credentials and privileges for user, admin, and service accounts.

CIS Control 7 – Continuous Vulnerability Management

Develop a plan to consistently assess and track vulnerabilities on all enterprise assets within the enterprise's infrastructure. Continuously looking for threats and attack vectors helps minimize risk.

CIS Control 8 – Audit Log Management

Collect, alert on, review, and retain audit logs of events that could help detect and recover from an attack.

CIS Control 9 – Email and Web Browser Protections

Improve protection against and detection of threats from email and web vectors. These are popular ways for hackers to attack workers directly and gain a foothold in your organization.

CIS Control 10 – Malware Defenses

Take steps to control the installation, spread, and execution of malicious software, code, or scripts that could harm enterprise assets.

CIS Control 11 – Data Recovery

Establish data recovery practices to restore assets to a pre-incident state.

CIS Control 12 – Network Infrastructure Management

Establish, implement, and actively manage network devices in order to prevent attackers from exploiting access points.

CIS Control 13 – Network Monitoring and Defense

Operate processes and tooling to establish and maintain comprehensive network monitoring and defense against security threats.

CIS Control 14 – Security Awareness and Skills Training

Create a security awareness training program to help establish security knowledge amongst employees.

CIS Control 15 – Service Provider Management

Develop a process to evaluate service providers who hold sensitive data or are responsible for an enterprise’s critical IT platforms.

CIS Control 16 – Application Software Security

Manage the security life cycle of in-house developed, hosted, or acquired software to prevent, detect, and remediate security weaknesses before they have a chance to harm your organization.

CIS Control 17 – Incident Response Management

Create a program to develop and maintain an incident response plan to prepare for the possibility of attack.

CIS Control 18 – Penetration Testing

Through penetration testing, you can test the effectiveness of the plans or processes you have in place, as well as your employees' preparedness, by simulating an attacker.

You can learn more about the new CIS Controls v8 by visiting the CIS controls website here:

Make sure you never gamble with security and trust CIT with all of your cybersecurity needs!

CorpInfoTech (Corporate Information Technologies) provides small to mid-market organizations with expert I.T. services including compliance assessment, cybersecurity penetration tests, and comprehensive business continuity planning services. Corporate Information Technologies can help organizations quantify, create, refine, and mitigate the risks presented by business-threatening disasters in whatever form they may be disguised.

