CIS Controls Companion Guide Call for Participation


The CIS Controls started as a grassroots activity over a decade ago to help enterprises focus on the most fundamental and valuable cybersecurity actions. With regular updates, the CIS Controls are downloaded by thousands every year, providing enterprises a prioritized path to gradually improve their cybersecurity posture. Movement to cloud-based computing, virtualization, mobility, outsourcing, Work-from-Home, and changing attacker tactics prompted the latest update, which is set to release next month. CIS Controls Version 8 aims to support an enterprise’s security as it moves to both fully cloud and hybrid environments.

The CIS Controls ecosystem is not just about the list, though. Since Version 6, there has been an explosion of complementary information, products, and services available from CIS and from the industry at large.

Call for Participation: CIS Controls Cloud, IoT, and Mobile

The release of Version 8 is quickly approaching, and CIS is looking to bring the trusted security of the CIS Controls to cloud, internet of things (IoT), and mobile environments. To do this, we’re actively recruiting cybersecurity professionals to break down and map the applicable CIS Controls and their implementation to cloud, IoT, and mobile environments for our CIS Companion Guides. These guides will complement the Controls and the ever-changing cyber ecosystem.

Why Volunteer?

We are at a fascinating point in the evolution of cyber defense. Business complexity is growing, dependencies are expanding, users are becoming more mobile, and the threats are evolving. CIS Controls community members share their knowledge and expertise to overcome the biggest challenges facing our industry.

Our community members enjoy collaborating and networking with thousands of cybersecurity experts from around the globe. Some are so good, they might be from even further away. In addition to the “warm and fuzzy” feeling you get from helping secure the connected world, you’ll be recognized for major contributions to the CIS Controls Companion Guides within the documentation – not to mention humble bragging to your friends and family about the intricacies of how a CIS Safeguard is related to a NIST SP 800-53 Control (which is also related to a HIPAA regulation).

Here are a few communities which are currently seeking participants:

Security in the Cloud: a Shared Responsibility

One of the main challenges in applying best practices to cloud environments is that these systems operate under different assumed security responsibilities than traditional on-premises computers. There is a shared security responsibility between the user and the cloud provider. Who is responsible for specific security tasks can depend on the specific cloud environment. The following are covered in the Cloud Guide:

  • IaaS (Infrastructure as a Service)
  • PaaS (Platform as a Service)
  • SaaS (Software as a Service)
  • FaaS (Function as a Service)

Mobile Devices Take Security on the Go

There are also unique security challenges to mobile environments, especially when devices owned by employees are granted access to enterprise data and resources. Mobile is no longer a “nice to have” option offered by some businesses. Improperly managing mobile access to enterprise data can lead to shadow IT, where users are accessing sensitive data with an insecure device without the proper policies in place. For the Mobile Companion Guide, our community will focus on how to apply the CIS Controls security recommendations to Google Android and Apple iOS environments. This will also include mobile deployment models such as Bring Your Own Device (BYOD) and Corporately-Owned, Personally-Enabled (COPE).

One More Thing in the IoT

IoT devices have become embedded into enterprises across the globe and often can’t be secured via standard enterprise security methods, such as traditional antivirus software. Yet for ease of use and flexibility, IoT devices are commonly connected to the same workplace networks employees use day in and day out. IoT devices include smart speakers, security cameras, door locks, window sensors, thermostats, headsets, watches, and more – all devices that may be integrated into a typical business IT environment. The CIS IoT Community is working to develop a consistent approach on how to apply the CIS Controls to IoT devices commonly found within an enterprise.

How to Get Involved

At CIS, we believe in community-driven, consensus-developed resources that help every organization improve its cyber defenses. The CIS Companion Guides help IT professionals apply the security best practices found in CIS Controls Version 8 to any cloud, IoT, or mobile environment. We’re excited to update these guides, but we need your help. By joining us, you’ll also get early access to CIS Controls v8.

To get involved, join CIS WorkBench – our free community collaboration platform. Once you’ve registered, join a CIS Controls community, and start contributing to the discussion.