Latest version of CIS Critical Security Controls: Examining the Notable Alterations and Enhancements

"Significant updates have been made to the CIS Critical Security Controls, aiming to enhance their effectiveness in responding to current shifts within the cybersecurity landscape. Discover the newest revisions."

Significant Alterations Highlighted in Latest Version of Critical Information Security Controls

The Center for Internet Security (CIS) has announced an update to its Critical Security Controls, moving from version 7 to version 8. This update reflects the increased importance of Identity and Access Management in the current cybersecurity landscape.

One of the key changes is the simplification of the controls, with the number decreasing from 20 to 18. Control 12, Boundary Defense, and Control 15, Wireless Access Control, have been removed, while Control 4, Control of Admin Privileges, and Control 14, Controlled Access Based on Need to Know, have been combined to form Control 6, Access Control Management. Similarly, Control 5, Secure Configuration, and Control 11, Security Configuration of Network Devices, have been combined to form Control 4, Secure Configuration of Enterprise Assets and Software.

The latest version of the CIS Critical Security Controls also includes a section on Cloud and Mobile Technologies, acknowledging the growing importance of these areas in the modern digital landscape. This section includes updated controls that address cloud infrastructure security and mobile device management, with an expanded focus on securing cloud services and remote access environments.

Data Protection has been moved from Control 13 to Control 3, underscoring its significance in the overall cybersecurity strategy. Account Monitoring and Control, previously Control 16, has been moved and renamed as Control 5, Account Management.

The update also includes a Cloud Companion Guide to help security professionals understand the cybersecurity implications of the cloud. This guide offers additional guidance on relevant tools, products, or threat information to consider for each CIS Control. It provides information on how the CIS Controls are applied to different deployment models of IaaS, PaaS, SaaS, and FaaS.

The CIS Critical Security Controls, a set of actions to protect organizations from cyber attacks, have always been task-focused. The latest update continues this tradition, further streamlining how organizations adopt and incorporate the controls by combining them by activities instead of by device management.

The CIS also provides cyber safety tips, guidelines, instructional videos, and advice for cybersecurity policy development. Cybersecurity professionals frequently encounter supply-chain attacks, zero-day vulnerabilities, and ransomware, and these resources can be invaluable in navigating the complex and ever-evolving landscape of cyber threats.

The latest version of the CIS Critical Security Controls includes a limitation of Ports and Protocols, which was previously listed as Control 9 but had been removed.

In conclusion, the update to the CIS Critical Security Controls underscores the importance of Identity and Access Management, Cloud and Mobile Technologies, and simplified control management in the current cybersecurity landscape. The Cloud Companion Guide offers additional guidance for security professionals navigating the cloud, while the CIS continues to provide resources for cybersecurity policy development and best practices.
