On May 18, 2021, the US non-profit organization CIS (Center for Internet Security) released the latest version of “CIS Controls”, version 8. CIS Controls are guidelines that focuses on “must-do, do first” in an organization and lists 153 safeguards of technical measures.
CIS Controls are a great reference for those who have concerns about their organization’s security or do not know where to start take high-priority, highly effective defensive actions.
On the other hand, due to the volume of 153 items and the use of unique concepts such as IG*1, Controls*2, and Safeguards*3, it may be difficult to understand the content and importance just by reading it.
*1 IG (Implementation Groups): the recommended guidance to prioritize implementation of the CIS Critical Security Controls
*2 Controls: classification of measures
*3 Safeguards: requirements for measures, formerly known as “Sub Controls”
In this article, we have provided an overview of CIS Controls and the points that have changed in v8. As cyber-attacks become more sophisticated, there are many things to consider in order to ensure the security in the organization. We hope this article will give you a better understanding of CIS Controls.