News

  • Microsoft Azure Security Benchmark v3 is now mapped to CIS Critical Security Controls v8

    We are pleased to announce the release of the Azure Security Benchmark (ASB) v3 with mappings to the CIS Critical Security Controls (CIS Controls) v8. The ASB includes high-impact security guidance to mitigate against high priority threats. While the ASB is specific to Azure, this mapping shows the applicability of CIS Controls v8 to an…

    Read More

  • Authentication and Authorization Using Single Sign-On

    By: Kathleen M. Moriarty, CIS Chief Technology Officer In order to prevent credential theft from phishing attacks, there is a push for multi-factor authentication (MFA). This is a very important step and should be considered if your organization has not yet made the transition. While MFA adds important protections, how you implement single sign-on, authorization,…

    Read More

  • End of Life Update: CIS-CAT Pro Assessor v3

    CIS-CAT Pro is a tool used to evaluate the cybersecurity posture of a system against the recommended policy settings outlined in the CIS Benchmarks. Following the release of CIS-CAT Pro Assessor v4, the Center for Internet Security (CIS) will cease support for CIS-CAT Pro Assessor v3. Its final release will occur in November 2021. What…

    Read More

  • How to Meet the Shared Responsibility Model with CIS

    In 2020, the shift to a global remote workforce demonstrated just how difficult securing a cloud environment can be. Now organizations face the challenge of securing hybrid environments. To address these challenges, many companies migrate to the cloud and leverage cloud service providers (CSPs) such as Amazon Web Services, Microsoft Azure, Google Cloud Platform, and…

    Read More

  • For Data Compliance, Automation is Key

    In this edition of Cybersecurity Where You Are, CIS Senior VP and Chief Evangelist, Tony Sager welcomes Thordis Thorsteins, Senior Data Scientist at Panaseer. Panaseer provides a controls monitoring platform and has played a valuable role in the development of the CIS Critical Security Controls, as well as the implementation of the CIS Controls Assessment…

    Read More

  • Top 10 Malware October 2021

    In October 2021, the Top 10 stayed consistent with the previous month with the exception of GravityRAT which made its first appearance in the Top 10. GravityRAT is a RAT that affects Windows, MacOS, and Android. GravityRAT’s abilities include file exfiltration, remote command execution, keystroke logging. screenshot capture, and anti-analysis techniques. The Top 10 Malware…

    Read More

  • Cyber-Attack Defense: CIS Benchmarks + CDM + MITRE ATT&CK

    By Jennifer Jarose, CIS Cybersecurity Engineer, CIS Benchmarks Six trillion dollars…that’s the amount global cybercrime is expected to cost this year, according to Cyber Security Ventures. The Center for Internet Security (CIS) is committed to validating our standards against recognized cyber defense frameworks in the hopes to help reduce this amount in the future. Starting today, with the CIS…

    Read More

  • Join the Center for Internet Security at AWS re:Invent 2021

    This year, Amazon Web Services (AWS) returns to hosting its cloud computing conference, AWS re:Invent 2021, in person. Cloud professionals from around the globe will gather in Las Vegas to learn the latest news in AWS cloud computing. The five-day conference is packed with sessions on containers, DevOps, end user computing, IoT, and much more. The…

    Read More

  • CIS Benchmarks November 2021 Update

    The following CIS Benchmark updates have been released.  We’ve highlighted the major updates below. Each Benchmark includes a full changelog that can be referenced to see all changes made. CIS AlmaLinux OS 8 Benchmark v1.0.0 Prescriptive guidance for establishing a secure configuration posture for AlmaLinux OS 8 Linux distribution systems running on x86_64 platforms. Special…

    Read More

  • CIS Risk Assessment Method (RAM) v2.0 for CIS Controls v8

    Risk assessments are valuable tools for understanding the threats enterprises face, allowing them to organize a strategy and build better resiliency and business continuity, all before a disaster occurs. Preparation is key – after all, the worst time to plan for a disaster is during a disaster. The Center for Internet Security (CIS) recently released…

    Read More