BR +55 11 3069 3925 | USA +1 469 620 7643
Select Page

CIS Controls Version 8: Learn what changes with Engine Advancements

by | Jun 18, 2021 | BLOG | 0 comments

This May, the Center for Internet Security (CIS) has launched version 8 of the security control tool for critical systems, especially marked by structural progress aimed at cloud and mobile environments. The concentration of online tasks and the remote work model are becoming increasingly popular due to mobility restrictions caused by the pandemic, which generates, proportionally and positively, technological evolution to ensure the execution of work, social and entertainment activities.

What Is Different?

 CIS Controls v8 is based on the activities performed, not on the user who controls the devices or on the devices themselves. Whereas previous versions focused on a centralized network that grouped all coordination and security endpoints, version 8 tracks virtual changes and assimilates new cyberattack modalities based on real threats cited in Verizon’s 2021 Data Breach Investigations Report.

 Until the previous version (7.1), the set consisted of 20 main controls and 171 sub controls, but the modernization of the system condensed the total to 18 controls and 153 safeguards (yes, the term has also changed!) divided into 3 Implementation Groups (IGs), which work as a practical guide to help organizations of all sizes with their particular needs and to adapt them to current regulations. 

 As IG1 is the primary Implementation Group, every company needs to start with it, as it is considered the set of “basic cyber hygiene” and serves to preserve the information system from the most recurrent attacks. In the current version, it supports 56 safeguards in total, while IG2 has 74 and IG3 has 23 safeguards, making up the complete package.

To ensure essential protection, the following controls must be adopted: 

4: Secure configuration of company assets and software

5: Account management

6: Access control management

14: Security awareness and skills training


v8 Extra Points: 

CIS CSAT Pro self-assessment capabilities, with location tracking, optional data sharing, separation of roles and user behavior;

Community Defense Model (CDM) v2.0, with safeguards mapping and consultation of reports released by the industry, which indicate the main threats and frequent attacks;

CIS Controls Mobile Companion Guide and CIS Controls Cloud Companion Guide, which are guides for implementing CIS security best practices for mobile devices such as mobile phones and tablets; and for cloud environments, respectively.

What Does the Launch of Controls v8 Mean? That CIS understood the defense priorities of the critical data environment and streamlined the cybersecurity process. For businesses, the result is the quality of critical system security options and the practicality of complying with regulatory data protection requirements (PCI-DSS, SOx, HIPAA, and others).


Text: Priscilla Silva

Why is Data the New Oil?

Performing any task today is much easier than it was a few years ago. With the evolution of technology, the consumer can make purchases faster and more practical, receive optimized ads - which help a lot when purchasing something -, social networks with features that...

Why is Information Security Important to Your Organization?

As technology becomes increasingly sophisticated, criminals' skills often evolve as well, in many cases surpassing the skills of security professionals within organizations. The proof of this is that the number of successful attacks is growing every year.  We live in...

Brazil improves its position in the 2020 global cybersecurity ranking

Several Latin American countries have advanced in the Global Cybersecurity Index, a report supported by the International Telecommunication Union (ITU). Brazil, Mexico, Uruguay, Dominican Republic, and Chile had the best performances in the region. Although there are...

Is your company really prepared for a cyber attack? – Part 2

In the previous article, we discussed the importance of digital transformation to business, and how this process brings various information security issues with it. Now we will talk a little bit about what are the most common cyberattacks on businesses today and what...

Is your company really prepared for a cyber attack? Part 1

The rise of smart devices and shifting customer preferences have driven the global digital transformation at full steam. As a result, companies are discovering more and more opportunities and cutting-edge resources for competitive advantage and growth. Moreover, the...
Copy link
Powered by Social Snap