We are pleased to announce the release of the Azure Security Benchmark (ASB) v3 with mappings to the CIS Critical Security Controls (CIS Controls) v8. The ASB includes high-impact security guidance to mitigate against high priority threats. While the ASB is specific to Azure, this mapping shows the applicability of CIS Controls v8 to an enterprise’s cybersecurity program regardless of architecture. If your architecture is cloud-based, on-premise or hybrid, the CIS Controls will work for you!
The Controls v8 update was released this past May. It includes technologies such as cloud and mobile which given the pandemic, proved to be timely as we saw wholesale movement to cloud and work-at-home. And since networks are borderless, we chose to organize v8 by activity instead of by who manages the devices. So, you’ll see some consolidation of Controls like “Secure Configuration of Enterprise Assets and Software.” Also, we added a whole new Control on “Service Provider Management” because so many of you rely on third-party service providers for infrastructure or applications.
The Microsoft Benchmark focuses on cloud-centric control areas with 12 different ASB Control Domains. The CIS Controls provide coverage across all of the domains. In fact, for several of the domains, such as Network Security and Asset Management, every ASB control maps to one or more CIS safeguards. We also map strongly to new ASB Control Domains such as DevOps Security, confirming the importance of our updates in version 8 to keep up with new threats, technologies (such as cloud), and security-related processes.
Not only can the CIS Controls help an enterprise secure their cloud deployments, but it is equally effective in securing your on-prem deployment. Microsoft’s mapping of ASB v3 to the CIS Controls is yet another example of how CIS security best practices work alongside other frameworks as part of an effective cybersecurity program.
UK police reveal they are running fake DDoS-for-hire sites to collect details on cybercriminals
There's bad news if you're someone who is keen to launch a Distributed Denial-of-Service (DDoS) attack to boot a website...
Microsoft Fixes Security Flaw in Windows Screenshot Tools
Information disclosure vulnerability aCropalypse could enable malicious actors to recover sections of screenshots Read More
Three Variants of IcedID Malware Discovered
The new variants hint that considerable effort is going into the future of IcedID and its codebase Read More
New MacStealer Targets Catalina, Newer MacOS Versions
The malware can extract information from documents, browser cookies and login information Read More
Can zero trust be saved?
Graham Cluley Security News is sponsored this week by the folks at Kolide. Thanks to the great team there for...
Part of Twitter source code leaked on GitHub
Part of Twitter’s source code has been leaked and posted on GitHub by an unknown user. GitHub took down the...