ROSALYN, Va., March 19, 2018 /PRNewswire/ --CIS Executive Chairman John Gilligan, CIS President & COO Steve Spano, CIS Co-Founder and Board Member Frank Reeder, CIS Sr. V.P. & Chief Evangelist, Tony Sager, along with other CIS leadership and distinguished cybersecurity experts launched the new CIS Controls Version 7 today at New America, a Washington, D.C. based think tank.
The CIS Controls V7 (https://www.cisecurity.org/controls/) are a recommended set of actions for cyber defense that provide specific and actionable ways to thwart the most pervasive attacks. They are a relatively short list of high-priority, highly effective defensive actions that provide a "do-first" starting point for every enterprise seeking to improve their cyber defense.
"We are very proud to announce the release of Version 7 of the CIS Controls. The CIS Controls represent the feedback and best advice of a very large number of expert volunteers from across the world-wide cyber ecosystem. At CIS, we are driven by our mission: to help you navigate a fast-changing world of cyber-attacks, business demands, and technology," said Tony Sager. "In addition to helping your organization build a foundation for effective cyber defense, Version 7 also sets the stage for future improvements in measurement, implementation, and alignment with other security frameworks," he added.
Sager's remarks included what was new in the CIS Controls V7 and James Tarala, Principle Consultant of Enclave Security, made a presentation on the evolution of the CIS Controls and the Demand for Training. Kathy Bortle, an Incident Response Specialist from the Virginia Information Technologies Agency, addressed participants on her agency's positive experiences and history with the CIS Controls. Afterward, a panel including Greg Johnson, Vice President and Assistant General Auditor of the Federal Reserve Bank and Chris Conin, a Partner in Halock Security Labs discussed the CIS Controls V7.
Key principles for the CIS Controls V7 include:
Addressing current attacks, emerging technology, and changing mission/business requirements for IT: As part of our fundamental promise, the CIS Controls have been updated and re-ordered to reflect both the availability of new cybersecurity tools and changes in the current threat landscape that all organizations are facing.
More focus on key topics like authentication, encryptions, and application whitelisting: Guidance for each of these major security topics is covered in detail by CIS Controls V7 in a clearer, stronger, and more consistent fashion across the entire CIS Controls.
Better alignment with other frameworks: The CIS Controls V7 are mapped to the NIST Cybersecurity Framework (https://www.nist.gov/cyberframework).
Improvement of the consistency and simplifying the wording of each sub-control ? one "ask" per sub-control: The community worked tirelessly to clarify and simplify each CIS Control, making it easier for users to follow along. By eliminating multiple tasks within a single sub-control, the CIS Controls are easier to measure, monitor, and implement.
Setting the foundation for a rapidly growing "ecosystem" of related products and services from both CIS and the marketplace: We have much more documented experience with adopters and vendors since Version 6; for V7 we make it easier for everyone to understand, track, import, integrate the CIS Controls into products, services, and corporate decision-making.
Some structural changes in layout and format: To help keep the Controls relevant and adaptive to various different organizations, we've restructured our content to be more flexible than before.
Reflect the feedback of a world-side community of volunteers, adopters, and supporters: We are only as strong as the amazing volunteers that support us and we hope to continue to provide a means of gathering and harnessing the global cybersecurity community for the benefit of everyone.
About CIS CIS (Center for Internet Security, Inc.) is a forward-thinking, non-profit entity that harnesses the power of a global IT community to safeguard private and public organizations against cyber threats. Our CIS Controlstm and CIS Benchmarkstm are the global standard and recognized best practices for securing IT systems and data against the most pervasive attacks. These proven guidelines are continuously refined and verified by a volunteer, global community of experienced IT professionals. CIS is home to the Multi-State Information Sharing and Analysis Center® (MS-ISAC®), the go-to resource for cyber threat prevention, protection, response, and recovery for U.S. SLTT government entities. To learn more, visit CISecurity.org or follow us on Twitter: @CISecurity.
Ryan, a leading global tax services and software provider, is challenging a new rule issued by the Federal Trade Commission (FTC) that outlaws non-compete employment agreements. The Firm's lawsuit in federal court in Texas is the first challenge to...
Reveal Technology, Inc. (Reveal) is proud to share that they have received a selection notification from the US Air Force AFVentures Program for a $33.6M Strategic Funding Increase (STRATFI)....
Evolus, Inc. , a performance beauty company with a focus on building an aesthetic portfolio of consumer brands, today announced that it will report its first quarter 2024 financial results on Tuesday, May 7, 2024, after the U.S. financial markets...
The ProLift Rigging Company, a leading provider of solutions-based industrial construction services in North America, announced, today, it has been honored with two Safety Awards from The Specialized Carriers & Rigging Association (SC&RA) --The Crane...
Veralto (the "Company"), a global leader in essential water and product quality solutions dedicated to Safeguarding the World's Most Vital Resourcestm announced results for the first quarter ended March 29, 2024....
Everyone plays a role in reducing the plastic waste that chokes our landfills and the plastic pollution that litters our streets, shorelines, waterways, and even our food supply. Improving how plastics are made, used, and managed can help protect...