{"id":246,"date":"2018-03-30T01:17:00","date_gmt":"2018-03-30T01:17:00","guid":{"rendered":"https:\/\/securityeverafter.com\/2018\/03\/30\/version-7-of-the-cis-controls-released\/"},"modified":"2018-03-30T01:17:00","modified_gmt":"2018-03-30T01:17:00","slug":"version-7-of-the-cis-controls-released","status":"publish","type":"post","link":"https:\/\/securityeverafter.com\/version-7-of-the-cis-controls-released\/","title":{"rendered":"Version 7 of the CIS Controls Released"},"content":{"rendered":"

I recently posted the <\/span>below<\/a> on the <\/span>SANS Internet Storm Center<\/a>.<\/span>
\n
\n<\/span><\/p>\n

The <\/span>CIS Controls<\/a> <\/span>serve as a \u201cprioritized set of actions to protect your organization and data from known cyber attack vectors.\u201d. Embraced by several organizations as outlined in the <\/span>Case Studies section<\/a>, significant improvements to their cyber security programs are listed and can serve as an inspiration to consider this approach to effective cyber defense.<\/div>\n
Recently Version 7 of the CIS Controls<\/a> were released. This work reflects the engagement of over many volunteers who helped shape this update. Several key changes made to the <\/span>CIS Controls<\/a> are listed below, including the following seven principles.<\/div>\n
<\/div>\n
1. Improve the consistency and simplify the wording of each sub-control<\/div>\n
2. Implement “one ask” per sub-control<\/div>\n
3. Bring more focus on authentication, encryption, and application whitelisting<\/div>\n
4. Account for improvements in security technology and emerging security problems<\/div>\n
5. Better align with other frameworks (such as the NIST CSF)<\/div>\n
6. Support the development of related products (e.g. measurements\/metrics, implementation guides)<\/div>\n
7. Identify types of CIS controls (basic, foundational, and organizational)<\/div>\n
<\/div>\n
Have you implemented the <\/span>CIS Controls<\/a>? If so, please share some of your experiences in our comments section. If not, consider reviewing the references below to learn more about how they could help you.<\/div>\n
Center for Internet Security<\/div>\n
https:\/\/www.cisecurity.org\/<\/a><\/div>\n
CIS Controls <\/div>\n
https:\/\/www.cisecurity.org\/controls\/<\/a><\/div>\n
CIS Controls Version 7 \u2013 What\u2019s Old, What\u2019s New<\/div>\n
https:\/\/www.cisecurity.org\/cis-controls-version-7-whats-old-whats-new\/<\/a><\/div>\n
Watch Launch Event Video<\/div>\n
https:\/\/www.youtube.com\/watch?v=eJ1qxgf26wk<\/a><\/div>\n
CIS Controls Version 7 Measures & Metrics<\/div>\n
https:\/\/www.cisecurity.org\/white-papers\/cis-controls-v7-measures-metrics\/<\/a><\/div>\n
CIS Controls Version 7 Change Log<\/div>\n
https:\/\/www.cisecurity.org\/white-papers\/cis-controls-v-7-change-log\/<\/a><\/div>\n
<\/div>\n
Russell Eubanks<\/div>\n
ISC Handler<\/a><\/div>\n
SANS Instructor<\/a><\/div>\n

<\/span><\/p>\n

@russelleubanks<\/a><\/div>\n","protected":false},"excerpt":{"rendered":"

I recently posted the below on the SANS Internet Storm Center. The CIS Controls serve as a \u201cprioritized set of actions to protect your organization and data from known cyber attack vectors.\u201d. Embraced by several organizations as outlined in the Case Studies section, significant improvements to their cyber security programs are listed and can serve as an inspiration to consider this […]<\/p>\n","protected":false},"author":4,"featured_media":548,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":true,"jetpack_social_options":{"image_generator_settings":{"template":"highway","enabled":false},"version":2}},"categories":[12,18],"tags":[],"jetpack_publicize_connections":[],"yoast_head":"\nVersion 7 of the CIS Controls Released - Security Ever After - vCISO<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/securityeverafter.com\/version-7-of-the-cis-controls-released\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Version 7 of the CIS Controls Released - Security Ever After - vCISO\" \/>\n<meta property=\"og:description\" content=\"I recently posted the below on the SANS Internet Storm Center. The CIS Controls serve as a \u201cprioritized set of actions to protect your organization and data from known cyber attack vectors.\u201d. Embraced by several organizations as outlined in the Case Studies section, significant improvements to their cyber security programs are listed and can serve as an inspiration to consider this […]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/securityeverafter.com\/version-7-of-the-cis-controls-released\/\" \/>\n<meta property=\"og:site_name\" content=\"Security Ever After - vCISO\" \/>\n<meta property=\"article:published_time\" content=\"2018-03-30T01:17:00+00:00\" \/>\n<meta name=\"author\" content=\"Russell\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@russelleubanks\" \/>\n<meta name=\"twitter:site\" content=\"@russelleubanks\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Russell\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"1 minute\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/securityeverafter.com\/version-7-of-the-cis-controls-released\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/securityeverafter.com\/version-7-of-the-cis-controls-released\/\"},\"author\":{\"name\":\"Russell\",\"@id\":\"https:\/\/securityeverafter.com\/#\/schema\/person\/38dd34bdece8068be18430e4c96ce5f3\"},\"headline\":\"Version 7 of the CIS Controls Released\",\"datePublished\":\"2018-03-30T01:17:00+00:00\",\"dateModified\":\"2018-03-30T01:17:00+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/securityeverafter.com\/version-7-of-the-cis-controls-released\/\"},\"wordCount\":296,\"commentCount\":1,\"publisher\":{\"@id\":\"https:\/\/securityeverafter.com\/#organization\"},\"image\":{\"@id\":\"https:\/\/securityeverafter.com\/version-7-of-the-cis-controls-released\/#primaryimage\"},\"thumbnailUrl\":\"\",\"articleSection\":[\"cyber security\",\"SANS\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/securityeverafter.com\/version-7-of-the-cis-controls-released\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/securityeverafter.com\/version-7-of-the-cis-controls-released\/\",\"url\":\"https:\/\/securityeverafter.com\/version-7-of-the-cis-controls-released\/\",\"name\":\"Version 7 of the CIS Controls Released - Security Ever After - vCISO\",\"isPartOf\":{\"@id\":\"https:\/\/securityeverafter.com\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/securityeverafter.com\/version-7-of-the-cis-controls-released\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/securityeverafter.com\/version-7-of-the-cis-controls-released\/#primaryimage\"},\"thumbnailUrl\":\"\",\"datePublished\":\"2018-03-30T01:17:00+00:00\",\"dateModified\":\"2018-03-30T01:17:00+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/securityeverafter.com\/version-7-of-the-cis-controls-released\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/securityeverafter.com\/version-7-of-the-cis-controls-released\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/securityeverafter.com\/version-7-of-the-cis-controls-released\/#primaryimage\",\"url\":\"\",\"contentUrl\":\"\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/securityeverafter.com\/version-7-of-the-cis-controls-released\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/securityeverafter.com\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Version 7 of the CIS Controls Released\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/securityeverafter.com\/#website\",\"url\":\"https:\/\/securityeverafter.com\/\",\"name\":\"Security Ever After - CISO\",\"description\":\"vCISO\",\"publisher\":{\"@id\":\"https:\/\/securityeverafter.com\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/securityeverafter.com\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/securityeverafter.com\/#organization\",\"name\":\"Security Ever After\",\"url\":\"https:\/\/securityeverafter.com\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/securityeverafter.com\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/i0.wp.com\/securityeverafter.com\/wp-content\/uploads\/2020\/04\/SECURITY-e1589664916497.jpg?fit=1169%2C826&ssl=1\",\"contentUrl\":\"https:\/\/i0.wp.com\/securityeverafter.com\/wp-content\/uploads\/2020\/04\/SECURITY-e1589664916497.jpg?fit=1169%2C826&ssl=1\",\"width\":1169,\"height\":826,\"caption\":\"Security Ever After\"},\"image\":{\"@id\":\"https:\/\/securityeverafter.com\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/x.com\/russelleubanks\",\"https:\/\/www.linkedin.com\/in\/russelleubanks\/\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/securityeverafter.com\/#\/schema\/person\/38dd34bdece8068be18430e4c96ce5f3\",\"name\":\"Russell\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/securityeverafter.com\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/8567bffe1f64223494326650c53f921b?s=96&r=pg\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/8567bffe1f64223494326650c53f921b?s=96&r=pg\",\"caption\":\"Russell\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Version 7 of the CIS Controls Released - Security Ever After - vCISO","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/securityeverafter.com\/version-7-of-the-cis-controls-released\/","og_locale":"en_US","og_type":"article","og_title":"Version 7 of the CIS Controls Released - Security Ever After - vCISO","og_description":"I recently posted the below on the SANS Internet Storm Center. The CIS Controls serve as a \u201cprioritized set of actions to protect your organization and data from known cyber attack vectors.\u201d. Embraced by several organizations as outlined in the Case Studies section, significant improvements to their cyber security programs are listed and can serve as an inspiration to consider this […]","og_url":"https:\/\/securityeverafter.com\/version-7-of-the-cis-controls-released\/","og_site_name":"Security Ever After - vCISO","article_published_time":"2018-03-30T01:17:00+00:00","author":"Russell","twitter_card":"summary_large_image","twitter_creator":"@russelleubanks","twitter_site":"@russelleubanks","twitter_misc":{"Written by":"Russell","Est. reading time":"1 minute"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/securityeverafter.com\/version-7-of-the-cis-controls-released\/#article","isPartOf":{"@id":"https:\/\/securityeverafter.com\/version-7-of-the-cis-controls-released\/"},"author":{"name":"Russell","@id":"https:\/\/securityeverafter.com\/#\/schema\/person\/38dd34bdece8068be18430e4c96ce5f3"},"headline":"Version 7 of the CIS Controls Released","datePublished":"2018-03-30T01:17:00+00:00","dateModified":"2018-03-30T01:17:00+00:00","mainEntityOfPage":{"@id":"https:\/\/securityeverafter.com\/version-7-of-the-cis-controls-released\/"},"wordCount":296,"commentCount":1,"publisher":{"@id":"https:\/\/securityeverafter.com\/#organization"},"image":{"@id":"https:\/\/securityeverafter.com\/version-7-of-the-cis-controls-released\/#primaryimage"},"thumbnailUrl":"","articleSection":["cyber security","SANS"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/securityeverafter.com\/version-7-of-the-cis-controls-released\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/securityeverafter.com\/version-7-of-the-cis-controls-released\/","url":"https:\/\/securityeverafter.com\/version-7-of-the-cis-controls-released\/","name":"Version 7 of the CIS Controls Released - Security Ever After - vCISO","isPartOf":{"@id":"https:\/\/securityeverafter.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/securityeverafter.com\/version-7-of-the-cis-controls-released\/#primaryimage"},"image":{"@id":"https:\/\/securityeverafter.com\/version-7-of-the-cis-controls-released\/#primaryimage"},"thumbnailUrl":"","datePublished":"2018-03-30T01:17:00+00:00","dateModified":"2018-03-30T01:17:00+00:00","breadcrumb":{"@id":"https:\/\/securityeverafter.com\/version-7-of-the-cis-controls-released\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/securityeverafter.com\/version-7-of-the-cis-controls-released\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/securityeverafter.com\/version-7-of-the-cis-controls-released\/#primaryimage","url":"","contentUrl":""},{"@type":"BreadcrumbList","@id":"https:\/\/securityeverafter.com\/version-7-of-the-cis-controls-released\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/securityeverafter.com\/"},{"@type":"ListItem","position":2,"name":"Version 7 of the CIS Controls Released"}]},{"@type":"WebSite","@id":"https:\/\/securityeverafter.com\/#website","url":"https:\/\/securityeverafter.com\/","name":"Security Ever After - CISO","description":"vCISO","publisher":{"@id":"https:\/\/securityeverafter.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/securityeverafter.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/securityeverafter.com\/#organization","name":"Security Ever After","url":"https:\/\/securityeverafter.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/securityeverafter.com\/#\/schema\/logo\/image\/","url":"https:\/\/i0.wp.com\/securityeverafter.com\/wp-content\/uploads\/2020\/04\/SECURITY-e1589664916497.jpg?fit=1169%2C826&ssl=1","contentUrl":"https:\/\/i0.wp.com\/securityeverafter.com\/wp-content\/uploads\/2020\/04\/SECURITY-e1589664916497.jpg?fit=1169%2C826&ssl=1","width":1169,"height":826,"caption":"Security Ever After"},"image":{"@id":"https:\/\/securityeverafter.com\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/russelleubanks","https:\/\/www.linkedin.com\/in\/russelleubanks\/"]},{"@type":"Person","@id":"https:\/\/securityeverafter.com\/#\/schema\/person\/38dd34bdece8068be18430e4c96ce5f3","name":"Russell","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/securityeverafter.com\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/8567bffe1f64223494326650c53f921b?s=96&r=pg","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/8567bffe1f64223494326650c53f921b?s=96&r=pg","caption":"Russell"}}]}},"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack-related-posts":[],"_links":{"self":[{"href":"https:\/\/securityeverafter.com\/wp-json\/wp\/v2\/posts\/246"}],"collection":[{"href":"https:\/\/securityeverafter.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/securityeverafter.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/securityeverafter.com\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/securityeverafter.com\/wp-json\/wp\/v2\/comments?post=246"}],"version-history":[{"count":0,"href":"https:\/\/securityeverafter.com\/wp-json\/wp\/v2\/posts\/246\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/securityeverafter.com\/wp-json\/"}],"wp:attachment":[{"href":"https:\/\/securityeverafter.com\/wp-json\/wp\/v2\/media?parent=246"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/securityeverafter.com\/wp-json\/wp\/v2\/categories?post=246"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/securityeverafter.com\/wp-json\/wp\/v2\/tags?post=246"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}