Always been a fan of the Center for Internet Security’s CIS Controls and the value they provide in giving 20 prioritized actions that should be considered by organizations to protect their data from cyberattacks. Their latest release is more good work. Here are the three updates that we like the most.
The change from categorizing controls as either “Foundational” or “Advanced” to separating into three distinct categories — Basic, Foundational, and Organizational — is a simple and elegant change that more clearly defines each control and their associated importance within their category.
Further easing implementation, the controls are now clearer and more precise with a single “ask” per sub-control. This simplification enables easier management and measurement of the control attributes.
Finally, the recalibration of the order of the controls is spot on to reflect the current threat landscape. We especially like the Basic CIS Controls and believe that to be the critical foundation of efforts to keep an organization secure.