Updated CIS Controls Includes Governance

What is  CIS Controls v8.1?

The Center for Internet Security (CIS) has released an updated version of its critical security controls, CIS Controls v8.1. This latest iteration addresses the increasing complexities and vulnerabilities in today's cyber landscape by incorporating new asset classes and introducing a governance security function.

Key Highlights of CIS Controls v8.1:

• New Asset Classes: These additions better match specific parts of an enterprise’s infrastructure, ensuring that each CIS Safeguard is applied accurately.
• Governance Security Function: This new function helps organizations identify the policies, procedures, and processes necessary to protect their assets and provides the evidence needed to demonstrate industry compliance.

Curtis Dukes, CIS Executive Vice President and General Manager of Security Best Practices, emphasized in a press release that effective cybersecurity governance provides the structure needed to steer an enterprise’s cybersecurity program to support business goals. The new governance activities in CIS Controls v8.1 offer a clear roadmap for enterprises to develop comprehensive cybersecurity programs.

Why Does It Matter to MSPs?

• Streamlined Security Implementation: The CIS Controls aim to simplify the process of designing, implementing, measuring, and managing enterprise security, making it easier for MSPs to enhance their clients' cybersecurity postures.
• Compliance Support: The addition of the governance security function helps MSPs provide their clients with the necessary evidence to demonstrate compliance with industry standards and regulatory requirements.
• Comprehensive Protection: The Controls are designed to protect and defend cybersecurity programs for any size enterprise, ensuring that MSPs can offer robust security solutions to clients of all sizes.
• Industry Alignment: The CIS Controls maintain alignment with evolving industry standards and frameworks, assisting MSPs in keeping their clients’ cybersecurity measures up to date and compliant with various legal and regulatory requirements.

CIS Controls v8.1 is an iterative update to CIS Controls v8, minimizing disruption to users while enhancing cybersecurity measures. MSPs can leverage these updated controls to better protect their clients' infrastructure, mitigate prevalent cyber threats, and streamline compliance efforts.

Tim Golden, CEO of Compliance Scorecard, comments: “We are excited to see the integration of risk management frameworks with the addition of the governance function. Incorporating change management, attestation, and involving leadership in risk decisions has always been a priority of ours. Even though these functions were not explicitly called out in framework control items, we recognized their importance in managing risks effectively. With NIST and CIS adopting governance, we anticipate others like ISO, CMMC, SOC2, and other risk frameworks to follow suit.

Want more details? Go straight to the source:

Center for Security Security: CIS Critical Security Controls v8.1

Contact Compliance Scorecard

Help your MSP clients stay on top of evolving regulatory requirements with Compliance Scorecard. With our compliance-as-a-service (CaaS) platform, you can become a compliance superstar.