CIS: Celebrating 20 Years of Cybersecurity
This year, the Center for Internet Security (CIS) is celebrating 20 years of making the connected world a safer place for people, businesses, and governments worldwide.
Back in August of 2000, a small group of business and government leaders met at the legendary Cosmos Club in Washington, D.C. to discuss a concerning rash of cyber-attacks. From that meeting and others, a vision emerged for an independent, mission-driven, nonprofit organization dedicated to preventing and mitigating new cyber threats.
Today, CIS is the embodiment of that vision. Over the course of 20 years, we have been privileged to work with some of the best minds in the cybersecurity and IT professions. Through a global, collaborative effort, we have developed world-class standards in the form of the CIS Controls and CIS Benchmarks, along with specialized technology tools to help security practitioners implement and manage their cyber defenses.
CIS Contributions to Cybersecurity Through the Years
We are extremely grateful to all of those who have contributed to the success of CIS over the years, including our community volunteers and partners. Below are just a few of the highlights of which we're proud:
- 2000: The idea is born. CIS incorporates and we welcome the first CIS SecureSuite member. The first CIS Benchmark is released (for the Solaris Operating System).
- 2002: Consensus-based security guidance is established with the Consensus Security Benchmark for Windows 2000 (involving NSA, DISA, FBI, SANS, CIS).
- 2008: Measurement takes center stage as the era of the professional CIS-Configuration Assessment Tool (CIS-CAT) begins.
- 2010: MS-ISAC transitions into CIS, providing no-cost support for U.S. State, Local, Tribal, and Territorial (SLTT) organizations (10,000 members today).
- 2011: 24x7x365 Security Operations Center (SOC) established for monitoring services. Albert IDS Pilot launched (750 devices today).
- 2013: AWS Partnership for cloud security with CIS Hardened Images begins; to be joined later on by Microsoft, Google, and Oracle (900 million compute hours used to date).
- 2015: Council on CyberSecurity (the Critical Security Controls, the U.S. Cyber Challenge) transitions into CIS. CIS Controls V6 reaches 100K downloads.
- 2018: CIS founds EI-ISAC for election integrity (2,750 members today).
- 2019: CIS Benchmark portfolio numbers have grown to more than 25 vendor product families and over 150 distinct CIS Benchmarks (more than one million downloads annually.)
CIS Today and Into the Future
CIS remains the independent and trusted resource for cybersecurity. Participation from our global volunteer community continues to drive the evolution of cybersecurity best practices. CIS is dedicated to bringing tools and services to the public in formats and products that make it easy and cost-effective to implement those best practices.
Recently, CIS released no-cost best practice guidance in the form of the Community Defense Model mapping the CIS Controls to the MITRE ATT&CK model, CIS Foundations Benchmarks for cloud service providers, a guide to the Shared Responsibility Model for security in the cloud, the CIS Password Policy Guide, the CIS Videoconferencing Security Guide, and more.
We introduced new versions of CIS-CAT and CIS CSAT Pro to assist with implementation and monitoring, giving cybersecurity professionals tools to automate and measure their implementation of best practices. CIS Benchmarks and CIS Controls continue to be the cornerstone of effective cyber hygiene and continue to be supported and referenced by experts in the industry.
CIS is proud to have grown our team to more than 250 employees in 19 states throughout the U.S., and have built a global community of volunteer subject matter experts with whom we are proud to collaborate to make the connected world a safer place now and for the future.
The celebration is just getting started. Stay tuned for more stories of the founding of CIS and the great things we have planned for 2021 and beyond.