CIS Controls Version 8: Understanding What Has Changed in the Engine Improvements

This May, the Center for Internet Security (CIS) launched version 8 of the security control tool for critical systems, marked especially by structural progress aimed at cloud and mobile environments. Online tasks and the remote work model are becoming increasingly common because of the mobility restrictions caused by the pandemic, which in turn drives a proportional and positive technological evolution to ensure that work, social and entertainment activities can be carried out.

What Is Different?

CIS Controls v8 is based on the activities performed, not on the user who controls the devices or on the devices themselves. Whereas previous versions focused on a centralized network that grouped all coordination and security endpoints, version 8 tracks virtual changes and assimilates new cyberattack modalities based on real threats cited in Verizon’s 2021 Data Breach Investigations Report.

Up to the previous version (7.1), the set consisted of 20 main controls and 171 sub-controls, but the modernization of the system condensed the total to 18 controls and 153 safeguards (yes, the term has also changed!) divided into 3 Implementation Groups (IGs), which work as a practical guide to help organizations of all sizes with their particular needs and to adapt them to current regulations.

IG1 is the primary Implementation Group, so every company needs to start with it: it is considered the set of “basic cyber hygiene” and serves to protect the information system from the most recurrent attacks. In the current version, it supports 56 safeguards in total, while IG2 has 74 and IG3 has 23 safeguards, making up the complete package.

To ensure essential protection, the following controls must be adopted: 

4: Secure configuration of company assets and software

5: Account management

6: Access control management

14: Security awareness and skills training

 

v8 Extra Points: 

CIS CSAT Pro self-assessment capabilities, with location tracking, optional data sharing, separation of roles and user behavior;

Community Defense Model (CDM) v2.0, with safeguards mapping and consultation of reports released by the industry, which indicate the main threats and frequent attacks;

CIS Controls Mobile Companion Guide and CIS Controls Cloud Companion Guide, which are guides for implementing CIS security best practices for mobile devices (such as mobile phones and tablets) and for cloud environments, respectively.

What Does the Launch of Controls v8 Mean?

It means that CIS understood the defense priorities of the critical data environment and streamlined the cybersecurity process. For businesses, the result is better-quality security options for critical systems and a more practical way of complying with regulatory data protection requirements (PCI-DSS, SOx, HIPAA, and others).

Source: https://www.cisecurity.org/blog/18-is-the-new-20-cis-controls-v8-is-here/

Text: Priscilla Silva
