CIS (Center for Internet Security) is an organization that focuses on enhancing cybersecurity and promoting best practices for securing information systems. CIS provides a variety of resources and frameworks to help organizations improve their security posture. One of the well-known offerings from CIS is the CIS Controls.
CIS Controls: The CIS Controls (formerly known as the Critical Security Controls) is a set of guidelines and best practices designed to mitigate the most common and impactful cyber threats. These controls provide a prioritized list of security actions that organizations can implement to enhance their security defenses.
The CIS Controls are organized into three implementation levels:
1. Basic Cyber Hygiene: These controls are fundamental and widely applicable, focusing on foundational security practices that every organization should implement.
2. Foundational Cyber Hygiene: These controls build upon the basic level and provide a stronger security posture. They are more specific and tailored to address common threats and vulnerabilities.
3. Advanced Cyber Hygiene: These controls are comprehensive and cover more advanced security measures. They are designed for organizations with mature security programs and a higher risk profile.
The CIS Controls cover various security domains, including inventory and control of hardware assets, continuous vulnerability management, secure configuration for hardware and software, controlled use of administrative privileges, data recovery capabilities, and many more. Each control includes specific recommendations and implementation steps to guide organizations in their security efforts.
CIS Benchmarks: In addition to the CIS Controls, CIS also provides CIS Benchmarks. These are specific configuration guidelines for various operating systems, software applications, and network devices. CIS Benchmarks define recommended security settings and configurations that organizations can apply to their systems to reduce the risk of vulnerabilities and ensure secure configurations.
The benchmarks are developed through a consensus-based process involving subject matter experts, security researchers, and industry professionals. They are regularly updated to address emerging threats and new technologies.
CIS Membership and Resources: CIS offers membership programs that provide access to additional resources and support. Membership benefits include access to the latest versions of CIS Controls and Benchmarks, threat intelligence, vulnerability management tools, and more. These resources help organizations stay informed about emerging threats and maintain secure configurations.
CIS also provides various tools and resources freely available to the public, including CIS-CAT Pro, a configuration assessment tool, and CIS WorkBench, a graphical tool for configuring systems based on CIS Benchmarks.
Overall, CIS plays a crucial role in promoting cybersecurity best practices through the CIS Controls and CIS Benchmarks. By implementing these guidelines, organizations can enhance their security posture and reduce the risk of cyber threats.