CIS Controls V7 Implementation Guide for Industrial Controls Systems Now Available

June 28, 2018

East Greenbush, NY

In an acknowledgement that some operational environments present unique requirements not previously addressed by the CIS Controls™, CIS® (Center for Internet Security, Inc.) now offers the CIS Controls V7 Implementation Guide for Industrial Controls Systems. This new guide addresses how to use the CIS Controls to bolster cybersecurity amidst the unique constraints of Industrial Control System (ICS) environments.

“This guide is a direct response to requests from the ICS community for guidance on how to best implement the CIS Controls,” said Tony Sager, CIS Senior Vice President & Chief Evangelist. “Recognizing these enterprises have a special set of circumstances, we made sure this Guide is tailored to improve their specific cybersecurity challenges,” he added.

While many of the core security concerns of enterprise IT systems are shared by ICS operators, the main challenge in applying best practices to ICS is these systems typically operate software and hardware that directly control physical equipment or processes. Compounding this issue is the fact that many of these systems are often the underpinning of critical infrastructures. To address these scenarios, CIS brought together various ICS experts to identify the essential CIS Controls to protect ICS environments.

CIS Controls V7 Implementation Guide for Industrial Controls Systems can be downloaded here https://www.cisecurity.org/insights/white-papers/cis-controls-implementation-guide-for-industrial-control-systems/.

A recording of the panel discussion webinar (held on June 28, 2018) about the ICS Guide can be viewed here: https://www.cisecurity.org/insights/webinar/cis-controls-implementation-guide-for-industrial-control-systems-launch-event/.

The CIS Controls, a prioritized list of essential actions an organization can take to protect their networks, are a leading cybersecurity approach referenced in the NIST Cybersecurity Framework. They are available as a free download at https://www.cisecurity.org/controls/.

About CIS

CIS (Center for Internet Security, Inc.) is a forward-thinking, non-profit entity that harnesses the power of a global IT community to safeguard private and public organizations against cyber threats. The CIS Controls and CIS Benchmarks™ are the global standards and recognized best practices for securing IT systems and data against the most pervasive attacks. These proven guidelines are continuously refined and verified by a volunteer, global community of experienced IT professionals. Our CIS Hardened Images™ are virtual machine emulations preconfigured to provide secure, on- demand, and scalable computing environments in the cloud. CIS® is home to both the Multi-State Information Sharing and Analysis Center® (MS-ISAC®), the go-to resource for cyber threat prevention, protection, response, and recovery for U.S. State, Local, Tribal, and Territorial government entities, and the Elections Infrastructure Information Sharing and Analysis Center (EI-ISAC™), which supports the cybersecurity needs of U.S. State, Local and Territorial elections offices.