What are CIS Controls? | Quick Grasp and the Major Revisions of v8

    On May 18, 2021, the US non-profit organization CIS (Center for Internet Security) released the latest version of “CIS Controls”, version 8. CIS Controls are guidelines that focus on the “must-do, do first” measures in an organization and list 153 safeguards of technical measures.

    CIS Controls are a great reference for those who have concerns about their organization’s security or do not know where to start in taking high-priority, highly effective defensive actions.

    On the other hand, due to the volume of 153 items and the use of unique concepts such as IG*1, Controls*2, and Safeguards*3, it may be difficult to understand the content and its importance just by reading it.

    *1 IG (Implementation Groups): the recommended guidance to prioritize implementation of the CIS Critical Security Controls

    *2 Controls: classification of measures

    *3 Safeguards: requirements for measures, formerly known as “Sub Controls”

    Explaining CIS Controls v8

    Step 1: What are CIS Controls?

    [Figure: CIS Controls are]

    [Figure: Publisher, Content]

    [Figure: The latest CIS Controls]

    [Figure: Safeguards]

    [Figure: IGs]

    [Figure: CIS Controls v8]

    Step 2: Revised items from v7 to v8

    [Figure: Increased WFH and Cloud Service Use]

    [Figure: In v8 reorganized]

    [Figure: Service Provider Management]

    [Figure: Classification reviewed]

    [Figure: Data protection is more prioritized]

    Conclusion

    In this article, we have provided an overview of CIS Controls and the points that have changed in v8. As cyber-attacks become more sophisticated, there are many things to consider in order to ensure security in the organization. We hope this article will give you a better understanding of CIS Controls.