Latest Update in CIS Critical Security Controls: Examining Major Alterations in the Current Edition
The Center for Internet Security (CIS) has released an updated version of the CIS Critical Security Controls (CIS v8), a set of prioritized actions designed to protect organizations and their data from cyber attacks.
This latest version reflects the increased importance of Identity and Access Management. Its 153 "safeguards" (formerly known as "sub-controls") focus on task-oriented controls. Notable changes include the merger of Control 4 (Control of Admin Privileges) and Control 14 (Controlled Access Based on Need to Know) into Control 6 (Access Control Management).
Another significant change is that controls are now grouped by activity instead of by device management, which reduces the number of controls from 20 to 18. This restructuring aims to provide a more streamlined approach to cybersecurity.
The update also adds a new Control 15, Service Provider Management, which offers guidance on how organizations can manage their cloud services. The previous edition's Control 12 (Boundary Defense) and Control 15 (Wireless Access Control) have been removed.
Data Protection has been moved from Control 13 to Control 3, while Account Monitoring and Control has been moved from Control 16 and renamed Account Management, now under Control 5. Control 9 (Limitation of Ports and Protocols) has also been removed.
To further aid cybersecurity professionals, CIS v8 includes a section on Cloud and Mobile Technologies. This section is complemented by the Cloud Companion Guide, which aims to answer the question "In the cloud, who is responsible for what?" for different deployment models such as IaaS, PaaS, SaaS, and FaaS.
The Cloud Companion Guide also provides information on Cloud Applicability, Cloud Service and Deployment Considerations, and Cloud Additional Considerations for each CIS Control. This guide is instrumental in helping security professionals understand the cybersecurity implications of the cloud.
With supply-chain attacks, zero-day vulnerabilities, and ransomware now frequent, CIS v8 serves as a valuable resource for cybersecurity professionals seeking to fortify their organisations' defences.
Lastly, the Center for Internet Security (CIS), the organisation behind the Cloud Companion Guide that is part of the latest version of the CIS Critical Security Controls, continues to offer cyber safety tips, guidelines, instructional videos, and advice for cybersecurity policy development.