CIS Website on a computer and tablet

19 May 2021

CIS Controls version 8 - Less is More

The Center for Internet Security (CIS) officially launched CIS Controls v8, which was enhanced to keep up with evolving technology, threats, and workplaces. The pandemic changed a lot of things, and it also prompted changes in the CIS Controls.

Continue Reading
Home Blog
CIS Controls Logo

The Center for Internet Security (CIS) officially launched CIS Controls v8, which was enhanced to keep up with evolving technology (modern systems and software), evolving threats, and even the evolving workplace. The pandemic changed a lot of things, and it also prompted changes in the CIS Controls.

There are now 18 Controls, reduced from 20; These Controls are a prioritised set of Safeguards (formerly sub-controls) to mitigate the most prevalent cyber-attacks against systems and networks, and now include Service Provider Management, an increasingly key area of cyber risk.

As before, there are 3 levels of implementation that an organisation can choose from, depending on the criticality of the information and processes. These are called Implementation Groups (IGs):

  • As a minimum standard of Information Security, organisations need to apply IG1 – “Basic Cyber hygiene”.
  • Organisations would choose IG2 if they store and process sensitive client or enterprise information and can withstand short interruptions of service
  • If an organisation handles highly sensitive information or is heavily regulated, and where successful attacks can cause significant harm to the public welfare, IG3 would be the appropriate level.

Cybercraft offers expert cyber risk governance, management and assessment services. Take a look at our Cyber Risk Assessment solution and our Fractional Chief Information Security Officer service.

Share this article

More articles

How the OWASP Application Security Verification Standard Makes Organisations Secure

19 May 2021

How the OWASP Application Security Verification Standard Makes Organisations Secure

Application security is no longer an afterthought but something that all organisations and businesses need to be very careful about. Unsecured applications pose serious security threats since hackers can find ways to circumvent defences and attack unpatched vulnerabilities.

Read more
SolarWinds Orion vulnerability being actively exploited

19 May 2021

SolarWinds Orion vulnerability being actively exploited

CERT NZ has published new updates which include more details on the vulnerable SolarWinds Orion systems and products affected as well as links to the latest version of the hotfix.

Read more
Owners, Directors and Executives, are you confused about cyber risk and cybersecurity?

19 May 2021

Owners, Directors and Executives, are you confused about cyber risk and cybersecurity?

Directors and C-levels need to differentiate cyber risk management as a governance and management activity, on the same levels and finance risk management and health and safety risk management.

Read more