x
Limited Time Offer: Save up to 20% on a new CIS SecureSuite Membership | Learn more
×
Why CIS Solutions Join CIS Resources
CIS WorkBench Sign-in CIS WorkBench Sign In CIS Hardened Images CIS Hardened Images Support CIS Support


Why CIS

Who We Are

CIS is an independent, nonprofit organization with a mission to create confidence in the connected world



About Us Leadership Principles Testimonials

Solutions

secure your organization
Secure Your Organization


secure specific platforms
Secure Specific Platforms


cis securesuite CIS SecureSuite® Learn More      Apply Now  
u s state local tribal and territorial governments
U.S. State, Local, Tribal & Territorial Governments


View All Products & Services  

Join CIS

Get Involved

Join CIS as a member, partner, or volunteer - or explore our career opportunities



CIS SecureSuite® Membership Multi-State ISAC (MS-ISAC®) Elections Infrastructure ISAC (EI-ISAC®) CIS CyberMarket® Vendors CIS Communities Careers

Resources

resources
Resources


learn
Learn


filter by topic
Filter by Topic


View All Resources  
CIS Logo Show Search Expand Menu

Version 7.1 – A new way to look at the CIS Controls

The CIS Controls are internationally-recognized for bringing together expert insight about threats, business technology, and defensive options. They provide an effective, coherent, and simpler way to manage an organization’s security improvement program. But in our experience, organizations of every size and complexity still need more help to get started.  Many organizations are working with varying resources, expertise, and risk exposure. In security, one size rarely fits all.

Introducing Implementation Groups

Version 7.1 of the CIS Controls completely revamps how organizations should prioritize their cybersecurity activities with the introduction of Implementation Groups (IGs). The IGs provide a simple and accessible way to help organizations classify themselves as belonging to one of these IGs to focus their security resources, expertise, and risk exposure while leveraging the value of the CIS Controls program, community, complementary tools, and working aids.

To develop the IGs, we first took a “horizontal” look across all of the CIS Controls and identified a core set of defenses that organizations with limited resources and limited risk exposure should focus on. We call these accessible and high-value Sub-Controls IG1. These provide effective security value with technology and processes that are generally already available, while providing a basis for more tailored and sophisticated action if warranted.

Building upon IG1, we then identified an additional set of Sub-Controls for organizations with more resources and expertise, but also greater risk exposure. This is IG2. Finally, the rest of the Sub-Controls make up IG3. Watch the video to learn more:

Security for every organization

From their previous life as the SANS Top 20 to the growth and development of V7.1, the CIS Controls have always provided best practices for organizations to defend their cyber assets. The development of Implementation Groups helps businesses from around the world:

  • Create cybersecurity programs on a budget
  • Implement best practices regardless of cyber expertise
  • Defend systems and data with limited resources
  • Bolster their organization’s security no matter how complex

The CIS Controls V7.1 will be released later this year. In the meantime, you can read case studies, download white papers, and learn more on our website: