CIS Logo
tagline: Confidence in the Connected World

CIS® Invites Public Feedback on CIS Controls™ Version 7 from January 24 – February 7, 2018

January 24, 2018

Rosslyn, VA

CIS is finalizing updates & revisions for the release of CIS Controls Version 7.

The CIS Controls are a recommended set of actions for cyber defense that provide specific and actionable ways to thwart the most pervasive attacks. They are a relatively short list of high-priority, highly effective defensive actions that provide a "must-do, do-first" starting point for every enterprise seeking to improve their cyber defense.

Since their initial release in 2008, the CIS Controls team has partnered with cybersecurity professionals, subject matter experts, industry veterans, and individual auditors from around the globe for each version. CIS strives to prioritize the cybersecurity actions contained in the CIS Controls and provide policy guidance and technical next steps users can take to improve their security posture.

However, before the CIS Controls V7 are finalized, CIS is issuing a worldwide request for input and feedback. Everyone is welcome to comment and contribute. “The CIS Controls have always been the product of a global community of adopters, vendors, and supporters, and V7 will be no exception. Your challenges, priorities, and feedback are essential to this work,” said Tony Sager, CIS Senior Vice President and Chief Evangelist for the CIS Controls.

How to Participate

Visit our Call for Feedback form, to download a draft copy of the CIS Controls V7 and submit your feedback. Instructions for submitting comments and ideas via email are included.

After the call for participation closes on February 7, 2018, the CIS Controls team will review all of the submitted comments, ideas, and feedback. The CIS Controls V7 are scheduled to be released in March 2018.

The CIS Controls are maintained by a volunteer panel of security experts, organized and led by CIS. These include practitioners from across government, industry, and academia – each bringing deep technical understanding from across multiple viewpoints (e.g., vulnerability, threat, defensive technology, tool vendors, enterprise management). In addition to public feedback, CIS directly reaches out to numerous CIS Controls adopters, security vendors, and threat intelligence analysts to ensure each version of the CIS Controls considers all viewpoints before selecting the most effective set of controls.

CIS (The Center for Internet Security®) is a forward-thinking, non-profit entity that harnesses the power of a global IT community to safeguard private and public organizations against cyber threats. Our CIS Controls and CIS Benchmarks are the global standard and recognized best practices for securing IT systems and data against the most pervasive attacks. These proven guidelines are continuously refined and verified by a volunteer, global community of experienced IT professionals. CIS is home to the Multi-State Information Sharing & Analysis Center® (MS-ISAC®), the go-to resource for cyber threat prevention, protection, response, and recovery for U.S. State, Local, Tribal, and Territorial government entities. To learn more, visit or follow us on Twitter: @CISecurity.