The New CIS Community Defense Model (CDM) Brings Security Within the Grasp of All Small Organizations

March 15, 2022


Part of operating an effective security program is the ability to never rest upon any previous success. When guarding against an adversary, yesterday’s success is quickly eclipsed by the dynamic shift in the attacker’s tactics. Just as a doctor “rules out” a particular diagnosis, an effective attacker first searches for well-known vulnerabilities using catalogs of offensive exploits. These are part of the attacker’s playbook.

Thankfully, the Center for Internet Security (CIS) has always been and continues to be dedicated to offering some of the best guidance for those entrusted with protecting online systems. Similar to the necessity of continuous improvement for any security program, the CIS team devotes itself to improving upon its previous models.

Initiated in 2008, The CIS Controls are now in version 8, undergoing changes not only over the course of its journey but also in regards to its stewardship and its name. Initially known as the “Top 20 Controls,” “The CIS Controls” are a vast and considerable undertaking for any organization, so the authors have endeavored to make the job easier for organizations of varying sizes.