CIS Controls

NNT and CIS Form Strategic Partnership

NNT & CIS Controls

Want clarity on what you REALLY need to be doing by way of security best practice in your organization? Left scratching your head for clearer guidance after reading the PCI DSS, NERC CIP, GDPR or any other Governance, Risk and Compliance (GRC) standard? Still confused about what you must do and should do in terms of data protection for your business, and why? NNT recommends the CIS Controls as an essential ‘go to’ resource for any data security and compliance professional. Our thanks to the Center for Internet Security for continuing to expand the world’s knowledge and understanding of cyber security best practices.

The latest version, CIS Controls V7, keeps the same 20 controls that businesses and organizations around the world already depend upon to stay secure; however, the ordering has been updated to reflect the current threat landscape. It breaks down the 20 controls into three specific categories: basic, foundational, and organizational.

 

Basic:
Key controls which should be implemented in every organization for essential cyber defense readiness.

Foundational:
Technical best practices that provide clear security benefits and are a smart move for any organization to implement.

Organizational:
These controls are more focused on the people and processes involved in cybersecurity.

 


“The majority of security incidents occur when basic controls are lacking or are poorly implemented. The first six CIS Controls have been assessed as preventing up to 90% of pervasive and dangerous cyber-attacks.”

Read the testimony of John Gilligan (CEO of Center for Internet Security) to the United States Senate, Permanent Subcommittee on Investigations, Homeland Security & Government Affairs Committee on Private Sector Data Breaches, Thursday, March 7, 2019.

 

CIS Controls Background

The CIS Controls have been formulated to provide clarity and guidance for the bewildering array of security tools and technology, security standards, training, certifications, vulnerability databases, guidance, best practices and compliance mandates. The goal is to answer the fundamental questions regarding security:

1. What are the most critical areas we need to address and how should an enterprise take the first step to mature their risk management program?

2. Rather than chase every new exceptional threat and neglect the fundamentals, how can we get on track with a roadmap of fundamentals and guidance to measure and improve?

3. Which defensive steps have the greatest value?

Most GRC standards outline the need for security best practices to be implemented, supported by strong processes and procedures. However, few if any provide any real detail on what is actually expected, recommended or proven to be effective. On the one hand, this generalized and non-prescriptive guidance is unavoidable since every organization is set up differently. With varying levels of risk to consider, the appropriate level of cyber security defense measures and data protection will necessarily be different for everyone. However, there is still a base level of security practices that everyone should embrace and assimilate into their core IT operations, and this is where the CIS Controls really prove their value.

 

CIS Controls and NNT

The first six CIS Controls (Basic) are the most critical to implement and manage. Interestingly, they have more to do with operational controls than with security controls. NNT’s products uniquely align with the requirements of these "Basic" controls by providing a suite of products that address each control's requirements.

NNT's strategic partnership with CIS highlights the industry's need to combine an IT management methodology and best practices from both security and IT service management, resulting in a holistic, comprehensive and prescriptive approach to solving security. This strategy is what NNT calls SecureOps™.

This strategy is underpinned by NNT’s knowledge of the essential common controls that overlap to support and achieve business objectives from two different vantage points. This approach creates the security foundation and a solution to eliminate security breaches and incidents as we know them today.

CIS Controls Solution Brief: Learn how NNT addresses the CIS controls

CIS Controls Solution Brief: The 6 Basic CIS Controls & NNT

CIS Controls Detailed White Paper: Learn where NNT can address the 20 CIS Controls

SANS Security Leadership Poster: Five Keys for Building a Cybersecurity Program

 

Why Implement the CIS Controls?

The CIS Controls are informed by actual attacks and effective defenses and reflect the combined knowledge of experts from every part of the ecosystem (companies, governments, individuals); with every role (threat responders and analysts, technologists, vulnerability-finders, tool makers, solution providers, defenders, users, policy-makers, auditors, etc.); and within many sectors (government, power, defense, finance, transportation, academia, consulting, security, IT) who have banded together to create, adopt, and support the Controls.

Top experts from organizations pooled their extensive first-hand knowledge from defending against actual cyber-attacks to evolve the consensus list of Controls, representing the best defensive techniques to prevent or track them. This ensures that the Controls are the most effective and specific set of technical measures available to detect, prevent, respond to, and mitigate damage from the most common to the most advanced of those attacks.

 

Protect your IT Environment with the CIS Controls

The Controls are not limited to blocking the initial compromise of systems, but also address detecting already-compromised machines and preventing or disrupting attackers’ follow-on actions. The defenses identified through these Controls deal with reducing the initial attack surface by hardening device configurations, identifying compromised machines to address long-term threats inside an organization’s network, disrupting attackers’ command-and-control of implanted malicious code, and establishing an adaptive, continuous defense and response capability that can be maintained and improved.

The CIS Controls are a relatively small number of prioritized, well-vetted, and supported security actions that organizations can take to assess and improve their current security state. At the same time, this is not a one-size-fits-all solution, in either content or priority. You must still understand what is critical to your business, data, systems, networks, and infrastructures, and you must consider the adversary actions that could impact your ability to be successful in the business or operations. Even a relatively small number of Controls cannot be executed all at once, so you will need to develop a plan for assessment, implementation, and process management.

As such, the CIS Controls can be used as a universal basis for any compliance mandate an organization is subject to.

 


The Most Powerful & Reliable Cybersecurity Products

Change Tracker Gen 7R2: Complete configuration and system integrity assurance combined with the most comprehensive and intelligent change control solution available.

Fast Cloud: Leverage the world’s largest whitelist repository to automatically evaluate and verify the authenticity of file changes in real-time with NNT FAST™ (File Approved-Safe Technology).

Vulnerability Tracker: The world’s only limitless and unrestricted vulnerability scanning solution with unparalleled accuracy and efficiency, protecting your IT assets on premises, in the cloud and mobile endpoints.

Log Tracker: Comprehensive and easy to use security information & event log management with intelligent & self-learning correlation technology to highlight potentially harmful activity in seconds.

Copyright 2024, New Net Technologies LLC. All rights reserved. 
NNT and Change Tracker are registered trademarks of New Net Technologies LLC.
All other product, company names and trademarks are the property of their respective owners.