Want to learn more about the CIS Controls? Check out our video below.
CIS Controls v8 was enhanced to keep up with modern systems and software. Movement to cloud-based computing, virtualization, mobility, outsourcing, work from home, and changing attacker tactics prompted the update and supports an enterprise’s security as they move to both fully cloud and hybrid environments.
Our design principles included:
- Offense Informs Defense
- CIS Controls are selected, dropped, and prioritized based on data and on specific knowledge of attacker behavior and how to stop it.
- Focus
- Help defenders identify the most critical things they need to do to stop the most important attacks.
- Avoid being tempted to solve every security problem — avoid adding “good things to do” or “things you could do.”
- Feasible
- All individual CIS Safeguards must be specific and practical to implement.
- Measurable
- All CIS Controls, especially for Implementation Group 1, must be measurable.
- Simplify or remove ambiguous language to avoid inconsistent interpretation.
- Some Safeguards may have a threshold.
- Align
- Create and demonstrate “peaceful co-existence” with other governance, regulatory, process management schemes, framework, and structures.
- Cooperate with and point to existing, independent standards and security recommendations where they exist (e.g., National Institute of Standards and Technology® (NIST®), Cloud Security Alliance (CSA), Software Assurance Forum for Excellence in Code (SAFECode), MITRE ATT&CK®, and Open Web Application Security Project® (OWASP®)).
When you download v8, you will receive:
- Excel
- Change Log
- Implementation Groups
Controls v8 is available in these translations:
- Italian
- Japanese
- Portuguese
Have Questions? We're here to help. Go to Controls FAQs.
Get the Latest Version of the CIS Controls Today!
CIS Controls v8.1 help you keep on top of your evolving workplace, the technology you need to support it, and the threats confronting those systems. It places specific emphasis on moving to a hybrid or fully cloud environment and managing security across your supply chain.
Looking for other versions?
Version 8.1
CIS Controls v8.1 along with supporting tools and resources are available for download.
Version 7.1
CIS Controls v7.1 along with supporting tools and resources are available for download.