Thanks to Dave Ries for sending me the following information:
Version 6.1 of the Center for Internet Security (CIS) Controls has been released, along with two other guidance documents produced by CIS, located on its CIS Controls Library page.
Version 6.1 of The Critical Security Controls for Effective Cyber Defense includes a new two-level categorization scheme to show which Sub-Controls are considered "Foundational" and which are "Advanced." There are no changes to the wording or prioritization of the Controls or Sub-Controls. The categorization concept was introduced in Version 5.1 but was excluded in Version 6.0. Based on recent user feedback, the CIS Controls team created this categorization as an aid for prioritizing and planning a cybersecurity program. You can download the PDF here.
Practical Guidance for Implementing the Critical Security Controls addresses feedback from users about how to start implementing the CIS Controls. This guide shares information for small- or medium-sized businesses that may be wondering if the CIS Controls are the right fit for their company. It covers topics such as the level of effort, cost, and time required to implement the CIS Controls throughout an organization. It also provides specific steps any organization can use to get started with the CIS Controls.
The Executive Summary of the Critical Security Controls Version 6 provides readers with an overview and introduction to the CIS Controls, including background on the philosophy that gave rise to the CIS Controls and a look at the community that helps develop them. This summary is appropriate for all audiences, including non-technical readers who just want to know what the CIS Controls are all about.
Finally, be on the lookout for news about a new CIS Controls assessment tool that is scheduled for release in early 2017.
Lots going on to keep up with!