CIS Critical Security Controls v8.1

Version 8.1 (v8.1) of the CIS Critical Security Controls® (CIS Controls®) is an iterative update to version 8.0. It offers prescriptive, prioritized, and simplified cybersecurity best practices that provide a clear path for you to improve your organization’s cyber defense program.

CIS Controls v8.1 features the following updates:

  • Included new and expanded glossary definitions for reserved words used throughout the Controls (e.g., plan, process, sensitive data)
  • Revised asset classes alongside new mappings to CIS Safeguards
  • Fixed minor typos in Safeguard descriptions
  • Added clarification to a few Safeguard descriptions
  • Realigned NIST CSF security function mappings to match NIST CSF 2.0

One key improvement to CIS Controls v8.1 mapping is the addition of the “Governance” security function. Effective governance provides the structure needed to steer a cybersecurity program toward achieving your enterprise goals. The Controls were designed to be comprehensive enough to protect and defend cybersecurity programs for any size enterprise while being prescriptive enough to ease implementation. With the update to CIS Controls v8.1, governance topics are now specifically identified as recommendations that can be implemented to enhance the governance of a cybersecurity program.

CIS Critical Security Controls v8.1


Ready to better identify the governing pieces of your cybersecurity program and obtain the evidence you need to demonstrate compliance?