CIS Logo
tagline: Confidence in the Connected World

CIS Controls Internet of Things Companion Guide

New Resource Helps Organizations Apply the CIS Controls to the loT

East Greenbush, NY

June 27, 2019

Internet of Things (IoT) devices aren’t just invading our homes; these smart, connected machines are in the workplace and virtually every other public and private location we visit daily. To help secure this new frontier, CIS® (Center for Internet Security, Inc.) is releasing the free CIS Controls® Internet of Things Companion Guide to help organizations apply the CIS Controls to the IoT. The CIS Controls are internationally-recognized cybersecurity best practices for defense against common cybersecurity threats. They are used within a variety of industry sectors, and throughout local, state, and federal governments.

“The volume, variety, and velocity of the IoT security challenge makes the CIS approach to best practices more important than ever,” said Tony Sager, CIS Senior Vice President and Chief Evangelist. “As always, our guidance is accessible, vendor-neutral, and in alignment with both established security frameworks and industry solutions.”

The new IoT guide helps organizations implement consensus-developed best practices using Version 7.1 of the CIS Controls, taking into consideration the unique environment and challenges posed by IoT technology.

Security challenges for IoT

IoT devices include smart speakers, security cameras, door locks, window sensors, thermostats, headsets, watches, and more – all devices that may be integrated into a typical business IT environment, sometimes without the organization’s knowledge. Employees often purchase devices, bring them to work, and connect them to the company network sans authorization from an IT administrator. This creates serious challenges from an asset management, vulnerability management, and governance perspective.

There are many legitimate use cases for IoT in the workplace. The CIS Controls companion guide focuses on security-related factors that should be analyzed before a purchase is made. These include the ability to manage authentication credentials (e.g., change a password, enable 2-factor authentication), encrypt network traffic, and receive software updates. A major factor of IoT is making sure devices are outfitted with all necessary security features before the purchase is made, as embedded devices don’t get new functionality over time.

A Team Effort

The creation and ongoing development of the CIS Controls Internet of Things Companion Guide is thanks to a wide-community of dedicated IoT security professionals.

Download the guide

Download CIS Controls V7.1

About CIS

CIS® (Center for Internet Security, Inc.) is a forward-thinking, non-profit entity that harnesses the power of a global IT community to safeguard private and public organizations against cyber threats. The CIS Controls® and CIS Benchmarks are the global standard and recognized best practices for securing IT systems and data against the most pervasive attacks. These proven guidelines are continuously refined and verified by a volunteer, global community of experienced IT professionals. Our CIS Hardened Images™ are virtual machine emulations preconfigured to provide secure, on-demand, and scalable computing environments in the cloud. CIS is home to both the Multi-State Information Sharing and Analysis Center® (MS-ISAC®), the go-to resource for cyber threat prevention, protection, response, and recovery for U.S. State, Local, Tribal, and Territorial government entities, and the Elections Infrastructure Information Sharing and Analysis Center® (EI-ISAC®), which supports the cybersecurity needs of U.S. State, Local and Territorial elections offices. To learn more, visit CISecurity.org or follow us on Twitter: