What are the key updates in CIS v8?


Key Updates in CIS Controls Version 8

The Center for Internet Security (CIS) released Version 8 of its CIS Controls back in 2021, updating the well-known set of best practices designed to help organizations improve their cybersecurity posture. This latest version reflects significant changes in technology and the evolving threat landscape. Although Version 8 has been out for several years, it's important that businesses are aware of the main changes to the framework, as misalignment and drift are all too common in the compliance space. In this blog we will explore the key updates in CIS Controls Version 8 and how they can benefit businesses in their compliance and security efforts.
 

1. Holistic Approach to Security

One of the most notable updates in CIS v8 is the shift towards a more holistic approach to cyber security. The new version emphasizes the importance of integrating security practices across all aspects of a business, rather than treating them as isolated tasks. This change encourages organisations to view security as a continuous process that involves all stakeholders, not just security teams.
 

2. Updated Design Principles

CIS v8 introduces refined design principles that guide the development of the controls. These principles include:
  • Offense Informs Defense: The controls are prioritised based on data and knowledge of attacker behavior, ensuring that organisations focus on the most critical threats.
  • Focus: The controls help defenders identify essential actions to mitigate significant attacks, avoiding unnecessary complexity.
  • Feasibility and Measurability: Each control is designed to be practical and measurable, allowing organisations to assess their implementation effectively.
 

3. Revised Structure of Controls

The structure of the CIS Controls has been updated to enhance clarity and usability. Each control now includes:
  • An overview explaining its intent and utility.
  • A section detailing why the control is critical for blocking or mitigating attacks.
  • Procedures and tools that provide technical guidance for implementation.
  • Specific safeguard descriptions outlining actionable steps for businesses.
 

4. Implementation Groups

CIS v8 introduces Implementation Groups (IGs) that place controls into categories based on the resources available to a business. This allows companies to better prioritise their efforts according to their specific context and capabilities, making it easier to implement the controls effectively.
 

5. Focus on Cloud Security

With the increasing adoption of cloud technologies, CIS v8 places a heavy emphasis on cloud security. The updated controls address the unique challenges posed by cloud environments, enabling businesses to secure their cloud assets more effectively.
 

6. Integration with Other Frameworks

CIS v8 aims for alignment with other governance and regulatory frameworks, such as NIST and CSA. This integration facilitates a more comprehensive approach to compliance, allowing businesses to streamline their security efforts across multiple standards.
 

Conclusion

CIS Controls Version 8 represents a significant evolution in cybersecurity best practices, reflecting the changing landscape of technology and threats. By adopting these updated controls, organizations can enhance their security posture, improve compliance efforts, and better protect their assets against cyber threats.
 
For any business looking to implement these controls efficiently, OneClickComply can assist in automating the entire compliance process, implementing controls in a single click, generating policies, and continuously monitoring your systems for drift or vulnerabilities.

Written by

Finn O’Brien

Operations Manager, OneClickComply