The Difference Between CIS Controls v7.1 to v8

I’ve always enjoyed what CIS has to offer. I have previously written about the Top 20 Controls, as well as the MS-ISAC program. Good stuff.

Now, it’s time for a CIS Controls update! Some of my favorite changes include consolidation and reorganization of controls, emphasis on cloud and mobile, mapping for major standards and regulations out of the box, and additional writeups and companions.

To see what was updated and the methodology behind the decisions, watch the webinar video linked below!

Webinar | Welcome to CIS Controls v8 – CIS

CIS Controls v8 Resources

Here are the related resources discussed in the webinar above for your convenience.

• CIS Controls v8 is the new default – CIS Controls Version 8 (cisecurity.org)
  • CIS Controls v7.1 is still available – CIS Controls v7.1 (cisecurity.org)
• All 18 CIS Controls – The 18 CIS Controls (cisecurity.org)
• CIS Controls Implementation Groups – CIS Controls Implementation Groups (cisecurity.org)
• Controls Navigator – CIS Controls Navigator (cisecurity.org)
  • CIS Controls v8 Mapping to NIST CSF – CIS Controls v8 Mapping to NIST CSF (cisecurity.org)
  • CIS Controls v8 Mapping to NIST 800-53 Rev. 5 – CIS Controls v8 Mapping to NIST 800-53 Rev. 5 (cisecurity.org)
  • CIS Controls v8 Mapping to NIST SP 800-171 Rev 2 – CIS Controls v8 Mapping to NIST SP 800-171 Rev 2 (cisecurity.org)
  • CIS Controls v8 Cybersecurity Maturity Model Certification Mapping – CIS Controls v8 Cybersecurity Maturity Model Certification Mapping (cisecurity.org)
  • CIS Controls Mapping to Cloud Security Alliance Cloud Control Matrix – CIS Controls Mapping to Cloud Security Alliance Cloud Control Matrix (cisecurity.org)
• Download Page – Controls Download (cisecurity.org)
  • CIS Controls v8 Change Log – CIS Controls v8 Change Log (cisecurity.org)
  • CIS Controls v8 Mobile Companion Guide – CIS Controls v8 Mobile Companion Guide (cisecurity.org)
• Controls FAQ – CIS Controls FAQ (cisecurity.org)
• CIS Controls Case Studies – Resources (cisecurity.org)

Final Thoughts

I for one am excited. I watched their introduction webinar twice already. They really worked this one from the ground up and gave it way more thought.

They lost an alliteration, but gained so much more!