The Center for Internet Security is a nonprofit organization with the mission to “identify, develop, validate, promote, and sustain best practice solutions for cyber defense.” Experts and IT professionals from different governments, institutes, and businesses across the globe participate in developing and finalizing the controls, using a consensus decision-making model.
Now let us link this to why it is essential for every one of us and every organization. I got a chance to read the article on data breaches affecting millions of users and some of the biggest breaches in recent times, published by CSOonline with the title “The 15 biggest data breaches of the 21st century.”
The CIS Controls consist of recommended best practices to secure systems and devices, and the CIS Benchmarks are rules for hardening specific operating systems, middleware, software applications, and network devices. The CIS Controls and the CIS Benchmarks are developed using a consensus-based approach by communities of experts.
The CIS Controls have been mapped to many other standards and regulatory frameworks, for example the NIST Cybersecurity Framework (CSF), ISO 27000, PCI DSS, HIPAA, and many others.
The decision must consider an organization’s requirements, evaluation criteria, and architecture principles.
In CIS 8 the number of controls is reduced to 18, from 20 in CIS 7. CIS 8 contains 153 Safeguards, which were called sub-controls in CIS 7, where there were 171 of them.