
CIS Controls Companion Guide for the Cloud Now Available

Call For Public Comments On The Internet Of Things Companion Guide Is February 12 – 28

 

East Greenbush, N.Y., February 12, 2019

The CIS Controls Cloud Companion Guide (https://www.cisecurity.org/white-papers/cis-controls-cloud-companion-guide/) is now available.

“Working with an army of global adopters and cybersecurity experts, the CIS Controls team has created a new companion guide to help organizations break down and map the applicable CIS Controls and their implementation in cloud environments using consensus-developed best practices,” said Tony Sager, CIS® Senior Vice President and Chief Evangelist. “It’s another great example of the CIS Community model – sharing labor and ideas to create products that can help every enterprise conduct a security assessment and develop an improvement roadmap,” he added.

Cloud Challenge: Sharing the Responsibility

One of the main challenges in applying best practices to cloud environments is that these systems operate under different assumed security responsibilities than traditional on-premises environments. There is often a shared security responsibility between the user and the cloud provider. In the CIS Controls Cloud Companion Guide, CIS identifies who is responsible for cloud security tasks outlined in the CIS Controls that are specific to the service models:

  • IaaS (Infrastructure as a Service)
  • PaaS (Platform as a Service)
  • SaaS (Software as a Service)
  • FaaS (Function as a Service)

The guide also takes into consideration the special mission and business requirements found in cloud environments. It examines unique risks (vulnerabilities, threats, consequences, and security responsibilities) to cloud environments. These risks drive the priority of enterprise security requirements (e.g., availability, integrity, and confidentiality of data).

The CIS Controls Cloud Companion Guide will allow users to manage cloud deployments by tailoring the CIS Controls in the context of a specific IT/OT cloud environment.

Call for Comments for the CIS Internet of Things (IoT) Companion Guide is 2/12/19 to 2/28/19

CIS is finalizing updates and revisions for the release of its CIS Controls Internet of Things Companion Guide. Before the guide is finalized, CIS is issuing a global request for input and feedback. Everyone is welcome to comment and contribute. “The CIS Controls have always been the product of the vast community of adopters, vendors, and supporters, and this IoT Guide will be no exception. Your challenges and priorities define our roadmap, and your feedback provides value to the entire global community,” said Tony Sager.

Enterprise IoT security presents complex challenges for security professionals. IoT devices are embedded into organizations almost everywhere. Unfortunately, they often cannot be secured via standard enterprise security methods, such as endpoint agents. Yet for ease of use, IoT devices are often connected to the same networks employees use day in and day out, and they may also be directly internet connected. These devices include smart speakers, security cameras, door locks, window sensors, thermostats, headsets, watches, and more.

CIS invites individuals and organizations to join the discussion and help us determine best practices for securing IoT environments. To participate, log in to CIS WorkBench and navigate to our CIS Controls IoT Community, where you will find helpful documentation and be able to join discussion forums on each CIS Sub-Control. CIS WorkBench is a collaboration and development platform where you will see comments provided by the members of the CIS Controls communities.

Visit the IoT Community on CIS WorkBench: https://workbench.cisecurity.org/communities/84

About CIS

CIS (Center for Internet Security, Inc.) is a forward-thinking, non-profit entity that harnesses the power of a global IT community to safeguard private and public organizations against cyber threats. The CIS Controls and CIS Benchmarks are the global standard and recognized best practices for securing IT systems and data against the most pervasive attacks. These proven guidelines are continuously refined and verified by a volunteer, global community of experienced IT professionals. Our CIS Hardened Images are virtual machine emulations preconfigured to provide secure, on-demand, and scalable computing environments in the cloud. CIS is home to both the Multi-State Information Sharing and Analysis Center® (MS-ISAC®), the go-to resource for cyber threat prevention, protection, response, and recovery for U.S. State, Local, Tribal, and Territorial government entities, and the Elections Infrastructure Information Sharing and Analysis Center (EI-ISAC®), which supports the cybersecurity