Connecticut Legislature Considers Incentivizing Adoption of Cybersecurity Best Practices
Bill includes the use of the CIS Controls as a safe harbor for organizations adopting cybersecurity best practices
HARTFORD, Conn., March 18, 2021 – The Center for Internet Security, Inc. (CIS®) testified before the Commerce Committee of the State of Connecticut General Assembly today at a hearing to consider a bill that would incentivize the voluntary adoption of cybersecurity best practices. The bill, introduced by Representative Caroline Simmons, provides a safe harbor for organizations that implement reasonable cybersecurity controls, including industry recognized cybersecurity frameworks such as the National Institute of Standards and Technology Cybersecurity Framework (NIST CSF) and the CIS Controls®.
CIS Executive Vice President & General Manager, Security Best Practices, Curtis Dukes testified about the importance of implementing the CIS Controls to protect citizens and organizations from cyber-attacks.
“Representative Simmons’s bill would establish a legal safe harbor for organizations in Connecticut that voluntarily adopt certain recognized cybersecurity best practices like the CIS Controls and implement a written information security program,” said Dukes. “It creates an incentive to do the right thing – to improve cybersecurity according to a recognized industry standard – and receive an additional benefit in the bargain.”
The CIS Controls are a set of internationally-recognized, prioritized actions that form the foundation of basic cyber hygiene and essential cyber defense. They act as a blueprint for system and network operators to improve cyber defense by identifying specific actions to be done in a priority order, based on the current state of the global cyber threat. The CIS Controls are developed by an international community of volunteer experts and are available for free on the CIS website.
If approved, the bill would become law on October 1, 2021.
More information about the bill and Mr. Duke’s testimony can be found on the Connecticut General Assembly website.
The Center for Internet Security, Inc. (CIS®) makes the connected world a safer place for people, businesses, and governments through our core competencies of collaboration and innovation. We are a community-driven nonprofit, responsible for the CIS Controls® and CIS Benchmarks™, globally recognized best practices for securing IT systems and data. We lead a global community of IT professionals to continuously refine these standards to proactively safeguard against emerging threats. Our CIS Hardened Images® provide secure, on-demand, scalable computing environments in the cloud. CIS is home to the Multi-State Information Sharing and Analysis Center® (MS-ISAC®), the trusted resource for cyber threat prevention, protection, response, and recovery for U.S. State, Local, Tribal, and Territorial (SLTT) government entities, and the Elections Infrastructure Information Sharing and Analysis Center® (EI-ISAC®), which supports the cybersecurity needs of U.S. elections offices. To learn more, visit CISecurity.org or follow us on Twitter: @CISecurity.