CIS Logo
tagline: Confidence in the Connected World

This document provides a detailed mapping of the relationships between the CIS Controls and NIST Special Publication 171 R2, "Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations."

The Winter 2019 issue of Cybersecurity Quarterly covers everything from how to stop holiday scams to lifting up the new generation of cyber professionals.

While IT asset management is not a new field for IT professionals, the push to have an automated inventory for OT and control systems is a new phenomenon.

The CIS Controls Assessment Module helps organizations measure their application of the CIS Controls V7.1 Implementation Group 1 in Windows environments.

Learn key practices to protect cloud workloads when using VMs, endpoints, or containers. And, consider the best means for building a fruitful feedback loop.

The announcement reinforces the company’s commitment to its ecosystem approach, and in helping customers extract maximum value from the TrueFort platform.

Learn what Remote Desktop Protocol (RDP) is, how misconfigured RDP can be leveraged by cybercriminals, and what to do about it.

The 2018 NCSR provides insight on the level of maturity of state, local, tribal, and territorial information security programs from year to year.

Learn about the latest updates of CIS-CAT Pro that will improve members’ experience using CIS SecureSuite and implementing cybersecurity best practices.

The CIS Benchmarks were downloaded over 1 million times in 2019. They provide security guidance for configuring OS, servers, cloud environments, and more.

Join CIS Benchmarks Communities and work with a global community of IT professionals to continually create, refine, & secure configurations.

And, CIS, an AWS technology partner, announced new benchmarks and hardened images on AWS Marketplace to help cloud customers remain secure.

In November 2019, the Top 10 Malware saw Emotet & TrickBot fall out of the Top 10. The Top 10 variants comprised 57% of total malware activity in November.

A zero-day exploit is a cyber attack that targets a flaw in a system before developers or the public are aware it exists.

Through their implementation of security processes or technology, each person has demonstrated meaningful and measurable advances in security.

1 3 4 5 6 7 114