Skip to content
NGTEdu Logo

NGTEdu

A PRODUCT OF NGTECH.CO.IN

NGTEdu Logo

NGTEdu

  • Home
  • Cyber Attacks
  • Malware
  • Vulnerabilities
  • Data Breach
  • Home
  • Data Breach
  • What’s New in v8 of the CIS Controls
  • Critical Vulnerability
  • Data Breach
  • Malware
  • Vulnerabilities

What’s New in v8 of the CIS Controls

5 years ago David Bisson
What’s New in v8 of the CIS Controls

Back in 2018, the State of Security spent a lot of time going over v7 of the Center for Internet Security’s Critical Security Controls (CIS Controls). We noted at the time how the Center for Internet Security shuffled the order of requirements for many of the existing controls in that version. It also cleaned up the language of the CIS Controls, simplified some working, removed duplicate requirements, and created an abstract for each of the security measures.

Wait, What Are the CIS Controls Again?

Just as a reminder, the CIS Controls are a set of recommended actions that organizations can use to defend themselves against some of the most pervasive attacks in the threat landscape today. They serve as a starting point for organizations in that effort. As noted on the Center for Internet Security’s website, the Critical Security Controls use prioritization to help organizations to figure out where their digital defenses begin, focus their resources on actions that can provide protection against high-risk items, and then invest their remaining time and energy in tackling additional sources of digital risk for the business.

The Constant Flow of Change

The CIS Controls are not a static entity. On the contrary, they regularly undergo an informal community process in which industry, government, and academic actors review the CIS Controls. Those individuals can then issue updates based upon organizations’ changing network environments and on the evolving digital threat landscape.

Those factors help to explain the release of CIS Controls v8. This updated version of the security measures now includes requirements pertaining to cloud and mobile technologies. (Regarding the former, the Center for Internet Security even created an entirely new control designed to help organizations manage their cloud service providers.)

These changes reflect just how organizations altered the way they do business as part of the shift to remote work. The Center for Internet Security expanded upon that reality in a blog post:

Since networks are basically borderless — meaning there is no longer an enclosed, centralized network where all the endpoints reside — the Controls are now organized by activity vs. how things are managed.

As part of this transition, the internal community process reduced the number of CIS Controls from 20 to 18. These Controls are as follows:

CIS Control 1: Inventory and Control of Enterprise Assets

CIS Control 2: Inventory and Control of Software Assets

CIS Control 3: Data Protection

CIS Control 4: Secure Configuration of Enterprise Assets and Software

CIS Control 5: Account Management

CIS Control 6: Access Control Management

CIS Control 7: Continuous Vulnerability Management

CIS Control 8: Audit Log Management

CIS Control 9: Email and Web Browser Protections

CIS Control 10: Malware Defenses

CIS Control 11: Data Recovery

CIS Control 12: Network and Infrastructure Management

CIS Control 13: Network Monitoring and Defense

CIS Control 14: Security Awareness and Skills Training

CIS Control 15: Service Provider Management

CIS Control 16: Application Software Security

CIS Control 17: Incident Response Management

CIS Control 18: Penetration Testing

The Center for Internet Security also grouped the Controls and a fewer number of corresponding Safeguards (formerly known as “Sub-Controls”) into three Implementation Groups (IGs). These designations help organizations to prioritize their implementation of the CIS Controls. To illustrate, the first implementation group (IG1) consists of basic hygiene that all organizations can use to lay the groundwork for defending themselves against digital threats. IG2 builds upon the practices of IG1, while IG3 encapsulates all the Controls and Safeguards.

Examining CIS Controls v8 in Detail

Researchers at Tripwire are working on a new blog series that examines each of the 18 security measures contained within CIS Controls v8. Stay tuned for the first few installments of this series over the coming weeks.

In the meantime, readers can learn more about how Tripwire’s solutions align with version 7 of the CIS Controls by clicking here.

The post ” What’s New in v8 of the CIS Controls” appeared first on TripWire

Source:TripWire – David Bisson

Tags: Cloud, Critical Severity, High Severity, TripWire

Continue Reading

Previous Critical ThroughTek Flaw Opens Millions of Connected Cameras to Eavesdropping
Next Ransomware Attackers Partnering With Cybercrime Groups to Hack High-Profile Targets

More Stories

  • Cyber Attacks
  • Data Breach
  • Malware
  • Vulnerabilities

German Agencies Warn of Signal Phishing Targeting Politicians, Military, Journalists

9 hours ago [email protected] (The Hacker News)
  • Critical Vulnerability
  • Cyber Attacks
  • Data Breach
  • Malware
  • Vulnerabilities

China-Linked DKnife AitM Framework Targets Routers for Traffic Hijacking, Malware Delivery

1 day ago [email protected] (The Hacker News)
  • Cyber Attacks
  • Data Breach
  • Vulnerabilities

CISA Orders Removal of Unsupported Edge Devices to Reduce Federal Network Risk

1 day ago [email protected] (The Hacker News)
  • Critical Vulnerability
  • Cyber Attacks
  • Data Breach
  • Malware
  • Vulnerabilities

Asian State-Backed Group TGR-STA-1030 Breaches 70 Government, Infrastructure Entities

1 day ago [email protected] (The Hacker News)
  • Cyber Attacks
  • Data Breach

How Samsung Knox Helps Stop Your Network Security Breach

1 day ago [email protected] (The Hacker News)
  • Cyber Attacks
  • Data Breach
  • Malware
  • Vulnerabilities

Compromised dYdX npm and PyPI Packages Deliver Wallet Stealers and RAT Malware

1 day ago [email protected] (The Hacker News)

Recent Posts

  • German Agencies Warn of Signal Phishing Targeting Politicians, Military, Journalists
  • China-Linked DKnife AitM Framework Targets Routers for Traffic Hijacking, Malware Delivery
  • CISA Orders Removal of Unsupported Edge Devices to Reduce Federal Network Risk
  • Asian State-Backed Group TGR-STA-1030 Breaches 70 Government, Infrastructure Entities
  • How Samsung Knox Helps Stop Your Network Security Breach

Tags

Android APT Bug CERT Cloud Compliance Coronavirus COVID-19 Critical Severity Encryption Exploit Facebook Finance Google Google Chrome Goverment Hacker Hacker News High Severity Instagram iPhone Java Linux Low Severity Malware Medium Severity Microsoft Moderate Severity Mozzila Firefox Oracle Patch Tuesday Phishing Privacy QuickHeal Ransomware RAT Sim The Hacker News Threatpost TikTok TripWire VMWARE Vulnerability Whatsapp Zoom
Copyright © 2020 All rights reserved | NGTEdu.com
This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish. Read More here.Cookie settingsACCEPT
Privacy & Cookies Policy

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these cookies, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may have an effect on your browsing experience.
Necessary
Always Enabled
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Non-necessary
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.
SAVE & ACCEPT