Monday, September 19, 2016

Updates to the CIS Critical Security Controls

Hopefully most people are aware of the Critical Security Controls, which are too often called the "SANS Top 20" or the like, even though SANS no longer manages them (they do offer a course and cert on them).

SANS actually turned them over to a group called the Council on CyberSecurity in 2013, which put out at least version 5.0 of the controls. The Council merged with the Center for Internet Security in 2015, which released version 6.0. Properly they are the CIS Critical Security Controls, or CIS CSC.

With v6.0, they did some revamping and re-ordering of the controls.

And CIS has continued to support the CSC.  They have released some new items!

We now have an incremental update of the CSC to v6.1. The main change is to restore the scheme of identifying each sub-Control as either "Foundational" or "Advanced" as an aid to prioritization and planning. This restores something that had been in version 5.x but was dropped in 6.0.

As to the new items, we get:
  • An Executive Summary
  • A Practical Guidance for Implementing the Critical Security Controls
These are short documents, only a few pages long.

And if you're not aware, there are several other support documents as well:
  • CIS Controls Internet of Things Companion Guide
  • CIS Controls Mobile Security Companion Guide
  • CIS Controls Privacy Companion
  • CIS Controls Measurement Companion Guide
So if you're using the CSC, these companion guides may be of use. Check them out.
