Center for Internet Security (CIS) Releases CIS Controls v8.1 with New Governance Recommendations

CIS Controls v8.1 represents the latest evolution in cybersecurity standards to improve an enterprise's cybersecurity posture

EAST GREENBUSH, N.Y., June 25, 2024 – The Center for Internet Security, Inc. (CIS®) today announced the launch of its updated iteration – version 8.1 of the CIS Critical Security Controls® (CIS Controls®). The update addresses the increasing complexities and vulnerabilities in today's cyber landscape by incorporating new asset classes and introducing the governance security function, highlighting CIS's commitment to ensuring that organizations remain resilient against rapidly changing cyber threats.

The CIS Controls aim to streamline the process of designing, implementing, measuring, and managing enterprise security. New asset classes were added to better match specific parts of an enterprise’s infrastructure that each CIS Safeguard applies to. The addition of the governance security function will help Controls adopters better identify the policies, procedures and processes necessary to support how an enterprise can protect their assets and equip them with the evidence needed to demonstrate industry compliance.

“Effective cybersecurity governance provides the structure needed to steer  an enterprise’s cybersecurity program to support business goals,” said Curtis Dukes, CIS Executive Vice President and General Manager, Security Best Practices. “The new governance activities in CIS Controls v8.1 provide a clear roadmap for enterprises to develop comprehensive cybersecurity programs.”

The CIS Controls are a prioritized set of Safeguards to mitigate the most prevalent cyber attacks against systems and networks. They have been included in state cybersecurity safe harbor statues in Ohio, Utah, Connecticut, and Iowa and are mapped to and referenced by multiple legal, regulatory, and policy frameworks, simplifying compliance.

“The Controls have always maintained alignment with evolving industry standards and frameworks and will continue to do so,” said Dukes. “This assists all users of the Controls and is a core principle of how the Controls operate.”

The CIS Controls were designed to be comprehensive enough to protect and defend cybersecurity programs for any size enterprise.

Version 8.1 is an iterative update to CIS Controls v8 and minimizes disruption to Controls users. Supporting tools and resources will be updated throughout the year.

Download CIS Controls v8.1 here

For more information on the CIS Controls, please contact CIS Sr. Media Relations Manager Kelly Wyland at [email protected] or call/text 518-256-6978.

# # #


CIS Logo



About CIS

The Center for Internet Security, Inc. (CIS®) makes the connected world a safer place for people, businesses, and governments through our core competencies of collaboration and innovation. We are a community-driven nonprofit, responsible for the CIS Critical Security Controls® and CIS Benchmarks, globally recognized best practices for securing IT systems and data. We lead a global community of IT professionals to continuously refine these standards to proactively safeguard against emerging threats. Our CIS Hardened Images® provide secure, on-demand, scalable computing environments in the cloud. CIS is home to the Multi-State Information Sharing and Analysis Center® (MS-ISAC®), the trusted resource for cyber threat prevention, protection, response, and recovery for U.S. State, Local, Tribal, and Territorial (SLTT) government entities, and the Elections Infrastructure Information Sharing and Analysis Center® (EI-ISAC®), which supports the cybersecurity needs of U.S. election offices. To learn more, visit or follow us on X: @CISecurity.