The CIS Critical Security Controls
The CIS Critical Security Controls are based on real-world attack scenarios, proven defenses, and NIST SP 800 53 underpinnings. These 18 Controls provide foundational security guidance on categories ranging from Inventory and Control of Enterprise Assets to Penetration, and over a dozen imperative basics in between. Originating in 2008 by a consortium of international companies, government agencies, and independent institutions, the CIS Controls are currently in their eighth version.
In her state’s 2016 Data Breach Report, Kamala D. Harris, then California Attorney General, stated: “The set of 20 Controls constitutes a minimum level of security – a floor – that any organization that collects or maintains personal information should meet.” Designed to “mitigate the most prevalent cyber-attacks against systems and networks,” CIS Controls v8 has been augmented to cover modern scenarios and systems, including cloud computing, virtualization, mobility, outsourcing, work-from-home, and evolving cybercriminal tactics.
The Controls give executives the benefit of free, government-sponsored research and validated principles upon which to build their cybersecurity strategy. Referenced by the U.S. Government and the National Institute of Standards and Technology (NIST), and adopted by The European Telecommunications Standards Institute (ETSI), these Controls are given the trend of bad actors towards low-level threats. As attackers continue to exploit our weakest links, the CIS Controls shore up security essentials and thwart the next generation of cybercrime opportunists.
The CIS Controls have been adopted by thousands of organizations of all sizes to manage risk and defend against the evolving threats. Implementing these controls provides a solid foundation upon which additional security and compliance controls can be layered.
The latest release of the CIS Controls includes simplified language and requirements for the cloud, hybrid environments, and the ever-changing tactics from criminal actors.
Fortra and CIS Controls
Fortra security solutions helps organizations with 16 of the 18 CIS Controls. Below are each of the controls along with the solution that can help address them.
Control Number and Name
1. Inventory and Control of Enterprise Assets
2. Inventory and Control of Software Assets
3. Data Protection
4. Secure Configuration of Enterprise Assets
5. Account Management
6. Access Control Management
7. Continuous Vulnerability Management
8. Audit Log Management
9. Email and Web Browser Protections
10. Malware Defenses
11. Data Recovery
12. Network Infrastructure Management
13. Network Monitoring and Defense
14. Security Awareness and Skill Training
15. Service Provider Management
16. Application Software Security
17. Incident Response Management
18. Penetration Testing
Make the CIS Controls an Integral Part of Your Cybersecurity Strategy
Speak with a Fortra subject matter expert about solutions to empower your organization to achieve CIS Critical Security Control compliance.