CIS Controls Version 7 Released

On March 19th 2018, the Center of Internet Security released its CIS Controls Version 7, the newest iteration of its 20 important cybersecurity recommendations. The CIS Controls are a prioritized set of best practices any organization can follow to improve their cybersecurity posture. The newest release was developed to reflect the latest threat environment to help organizations address current attacks, emerging technology, and changing mission/business requirements of IT.

CIS Controls V7 keeps the same 20 controls that businesses and organizations around the world already depend upon to stay secure while the ordering has been updated to reflect the current threat landscape. The sub-controls have been updated to be more clear and precise, implementing a single “ask” per sub-control.

More notably, CIS Controls V7 separates the controls into three distinct categories: basic, foundational, and organizational.

• Basic (CIS Controls 1-6): Key controls which should be implemented in every organization for essential cyber defense readiness.
• Foundational (CIS Controls 7-16): The next step up from basic – these technical best practices provide clear security benefits and are a smart move for any organization to implement.
• Organizational (CIS Controls 17-20): These controls are different in character from 1-16; while they have many technical elements, CIS Controls 17-20 are more focused on people and processes involved in cybersecurity.

The content is restructured to be more flexible, relevant and adaptive to apply to different organizations. Customers can visit the CIS website to download the CIS Controls V7 document for reference:

GTI provides complete threat protection life cycle services to help customers assess and determine their risk posture and identify severe security gaps to prioritize their remedial and preventive actions. We can help customers implement state-of-the-art solutions and best-practices based processes and measures to defend against pervasive cyberthreats. Moreover, we can provide tailored managed security services and incident response services to meet your specific business and compliance needs, safeguard your important data assets and keep your business running healthily.

Contact our GTI security consultants to understand how to implement the CIS Controls V7 in your environment to defend against the latest cyber threats.