Limited Time Offer: Save up to 20% on a new CIS SecureSuite Membership | Learn more
Why CIS Solutions Join CIS Resources
CIS WorkBench Sign-in CIS WorkBench Sign In CIS Hardened Images CIS Hardened Images Support CIS Support


Who We Are

CIS is an independent, nonprofit organization with a mission to create confidence in the connected world

About Us Leadership Principles Testimonials


secure your organization
Secure Your Organization

secure specific platforms
Secure Specific Platforms

cis securesuite CIS SecureSuite® Learn More      Apply Now  
u s state local tribal and territorial governments
U.S. State, Local, Tribal & Territorial Governments

View All Products & Services  

Join CIS

Get Involved

Join CIS as a member, partner, or volunteer - or explore our career opportunities

CIS SecureSuite® Membership Multi-State ISAC (MS-ISAC®) Elections Infrastructure ISAC (EI-ISAC®) CIS CyberMarket® Vendors CIS Communities Careers




filter by topic
Filter by Topic

View All Resources  
CIS Logo Show Search Expand Menu

CIS Controls Internet of Things Companion Guide

New Resource Helps Organizations Apply the CIS Controls to the loT

East Greenbush, NY

June 27, 2019

Internet of Things (IoT) devices aren’t just invading our homes; these smart, connected machines are in the workplace and virtually every other public and private location we visit daily. To help secure this new frontier, CIS® (Center for Internet Security, Inc.) is releasing the free CIS Controls® Internet of Things Companion Guide to help organizations apply the CIS Controls to the IoT. The CIS Controls are internationally-recognized cybersecurity best practices for defense against common cybersecurity threats. They are used within a variety of industry sectors, and throughout local, state, and federal governments.

“The volume, variety, and velocity of the IoT security challenge makes the CIS approach to best practices more important than ever,” said Tony Sager, CIS Senior Vice President and Chief Evangelist. “As always, our guidance is accessible, vendor-neutral, and in alignment with both established security frameworks and industry solutions.”

The new IoT guide helps organizations implement consensus-developed best practices using Version 7.1 of the CIS Controls, taking into consideration the unique environment and challenges posed by IoT technology.

Security challenges for IoT

IoT devices include smart speakers, security cameras, door locks, window sensors, thermostats, headsets, watches, and more – all devices that may be integrated into a typical business IT environment, sometimes without the organization’s knowledge. Employees often purchase devices, bring them to work, and connect them to the company network sans authorization from an IT administrator. This creates serious challenges from an asset management, vulnerability management, and governance perspective.

There are many legitimate use cases for IoT in the workplace. The CIS Controls companion guide focuses on security-related factors that should be analyzed before a purchase is made. These include the ability to manage authentication credentials (e.g., change a password, enable 2-factor authentication), encrypt network traffic, and receive software updates. A major factor of IoT is making sure devices are outfitted with all necessary security features before the purchase is made, as embedded devices don’t get new functionality over time.

A Team Effort

The creation and ongoing development of the CIS Controls Internet of Things Companion Guide is thanks to a wide-community of dedicated IoT security professionals.

Download the guide

Download CIS Controls V7.1

About CIS

CIS® (Center for Internet Security, Inc.) is a forward-thinking, non-profit entity that harnesses the power of a global IT community to safeguard private and public organizations against cyber threats. The CIS Controls® and CIS Benchmarks are the global standard and recognized best practices for securing IT systems and data against the most pervasive attacks. These proven guidelines are continuously refined and verified by a volunteer, global community of experienced IT professionals. Our CIS Hardened Images™ are virtual machine emulations preconfigured to provide secure, on-demand, and scalable computing environments in the cloud. CIS is home to both the Multi-State Information Sharing and Analysis Center® (MS-ISAC®), the go-to resource for cyber threat prevention, protection, response, and recovery for U.S. State, Local, Tribal, and Territorial government entities, and the Elections Infrastructure Information Sharing and Analysis Center® (EI-ISAC®), which supports the cybersecurity needs of U.S. State, Local and Territorial elections offices. To learn more, visit CISecurity.org or follow us on Twitter: