URGENT MESSAGE: Log4j Zero-Day Vulnerability Response| Learn more
Why CIS Solutions Join CIS Resources
CIS WorkBench Sign-in CIS WorkBench Sign In CIS Hardened Images CIS Hardened Images Support CIS Support


Who We Are

CIS is an independent, nonprofit organization with a mission to create confidence in the connected world

About Us Leadership Principles Testimonials


secure your organization
Secure Your Organization

secure specific platforms
Secure Specific Platforms

cis securesuite CIS SecureSuite® Learn More      Apply Now  
u s state local tribal and territorial governments
U.S. State, Local, Tribal & Territorial Governments

View All Products & Services  

Join CIS

Get Involved

Join CIS as a member, partner, or volunteer - or explore our career opportunities

CIS SecureSuite® Membership Multi-State ISAC (MS-ISAC®) Elections Infrastructure ISAC (EI-ISAC®) CIS CyberMarket® Vendors CIS Communities Careers




filter by topic
Filter by Topic

View All Resources  
CIS Logo Show Search Expand Menu

Microsoft Azure Security Benchmark v3 is now mapped to CIS Critical Security Controls v8

We are pleased to announce the release of the Azure Security Benchmark (ASB) v3 with mappings to the CIS Critical Security Controls (CIS Controls) v8. The ASB includes high-impact security guidance to mitigate against high priority threats. While the ASB is specific to Azure, this mapping shows the applicability of CIS Controls v8 to an enterprise’s cybersecurity program regardless of architecture. If your architecture is cloud-based, on-premise or hybrid, the CIS Controls will work for you!

The Controls v8 update was released this past May. It includes technologies such as cloud and mobile which given the pandemic, proved to be timely as we saw wholesale movement to cloud and work-at-home. And since networks are borderless, we chose to organize v8 by activity instead of by who manages the devices. So, you’ll see some consolidation of Controls like “Secure Configuration of Enterprise Assets and Software.” Also, we added a whole new Control on “Service Provider Management” because so many of you rely on third-party service providers for infrastructure or applications.

The Microsoft Benchmark focuses on cloud-centric control areas with 12 different ASB Control Domains. The CIS Controls provide coverage across all of the domains.  In fact, for several of the domains, such as Network Security and Asset Management, every ASB control maps to one or more CIS safeguards. We also map strongly to new ASB Control Domains such as DevOps Security, confirming the importance of our updates in version 8 to keep up with new threats, technologies (such as cloud), and security-related processes.

Not only can the CIS Controls help an enterprise secure their cloud deployments, but it is equally effective in securing your on-prem deployment. Microsoft’s mapping of ASB v3 to the CIS Controls is yet another example of how CIS security best practices work alongside other frameworks as part of an effective cybersecurity program.