The Center for Internet Security (CIS) Critical Security Controls offers a practical and cost-effective approach, boasting a comprehensive set of best practices for strengthening organizational cybersecurity.
On the 25th of June 2024, CIS released version 8.1 of its Critical Security Controls. This update brings several notable enhancements, aligning the framework with the latest industry standards and evolving threat landscapes. More importantly, the latest release aligns it with the recently updated NIST CSF 2.0 with the addition of the "governance" security function.
Key Updates in CIS Controls v8.1
1. Introduction of the Governance Security Function
A significant addition in v8.1 is the "governance" security function. This emphasizes the organizational aspects of cybersecurity, ensuring that security policies, roles, and responsibilities are well-defined and managed at an executive level. Supporting a closer integration of cybersecurity practices into the overall governance framework of the organization.
2. Revised Asset Classes and Safeguard Descriptions
Keeping pace with the changing technology landscape, v8.1 includes updated asset classifications and more detailed descriptions of CIS Safeguards. These revisions help organizations better categorize their assets and implement specific security measures more effectively.
3. Enhanced Alignment with Industry Standards
Version 8.1 aligns more closely with other updated industry frameworks and standards, such as NIST CSF 2.0 and ISO/IEC 27001:2022. This alignment simplifies compliance efforts and helps organizations adopt a unified approach to cybersecurity (that can be utilised by having a platform that supports Framework Harmonization).
4. Improved Focus on Hybrid and Cloud Environments
Recognizing the shift towards hybrid and cloud-based infrastructures, v8.1 places greater emphasis on securing these environments. The updated controls provide guidance on managing security across diverse and distributed IT landscapes, ensuring robust protection against modern threats.
5. Updates to Implementation Groups (IGs)
The Implementation Groups, which help organizations prioritize their security efforts based on their specific risk profiles, have been refined. These updates ensure that the IGs remain relevant and practical for organizations of all sizes and industries.
Why Upgrade to CIS Controls v8.1?
The latest version of the CIS Controls offers a more comprehensive and updated approach to cybersecurity. By incorporating the new Governance function and refining the asset classes and safeguard descriptions, CIS Controls v8.1 helps organizations establish a stronger cybersecurity foundation. Moreover, the enhanced alignment with industry standards and the focus on hybrid and cloud environments make this update particularly relevant for today's dynamic IT ecosystems.
Organizations looking to improve their cybersecurity posture and achieve compliance with various regulations will find CIS Controls v8.1 to be an invaluable resource. Implementing these controls can significantly reduce the risk of cyberattacks and enhance overall resilience against evolving threats.
CIS Controls v8.1 in Avertro CyberHQ® Enterprise
Avertro’s CyberHQ® Enterprise fully supports CIS Controls v8.1. We have several customers utilizing v8; they now have the option to update to the latest version.
