Center for Internet Security Releases Security Mitigation Strategies

Share Article

Crosswalk provides prioritized map of CIS Secure Configuration Benchmarks that address top security vulnerabilities

Center for Internet Security
Organizations of all sizes and from all sectors will benefit from adopting the CIS Secure Configuration Benchmarks, which are proven paths forward in making significant cyber security improvements.

The Center for Internet Security (CIS) today announced the release of its CIS Security Mitigation Strategies Crosswalk, which, when implemented by organizations, will assist in addressing critical vulnerabilities that often result in many of today’s cyber security intrusions and incidents.

The Crosswalk provides a comprehensive and prioritized blueprint of CIS Secure Configuration Benchmarks that organizations should leverage to help accomplish the SANS Top 20 Critical Security Controls and Australian Government Defense Signals Directorate (DSD) Top Mitigation Strategies, two leading security guidelines. The announcement was made at the Interop 2012 Conference, taking place May 6-10.

The Australian DSD Top Mitigation Strategies and the SANS Top 20 Critical Security Controls provide recommended mitigation strategies for preventing and protecting against cyber incidents. Strategies common to both guidance documents include patching desktop applications and operating systems, employing multi-factor authentication, controlling access privileges and reducing the number of operating system administrators. The CIS Benchmarks help accomplish these strategies.

The CIS Benchmarks are essential technical controls for hardening operating systems, applications, and network devices. They improve an organization’s overall security posture by helping to reduce the risk of business and e-commerce disruptions resulting from inadequate system configuration security. The CIS Benchmarks are internationally trusted, consensus-based, best-practice guides, which are developed, accepted and used by government, business, industry, and academia.

“Organizations of all sizes and from all sectors will benefit from adopting the CIS Benchmarks,” said William Pelgrin, CIS President and CEO. “Our Benchmarks are proven paths forward in making significant cyber security improvements and are an essential component of implementing the Australian DSD Top Mitigation Strategies and the SANS Top 20 Critical Security Controls.”

The release of the Crosswalk is one of several new initiatives at CIS, including the production of more standardized security automation content, increased integration and alignment with standard automation content policies, and access to “Quick Start” system configuration guides, with highest priority configuration security recommendations from corresponding CIS Benchmarks.

CIS has also implemented a new pricing schedule, which includes multi-year discounts to help make its resources more available to a broader range of organizations.

“Regardless of an organization’s size or expertise, they can use the Crosswalk and other CIS resources to develop a more secure posture. We have members that range from Fortune 500 companies to small, locally owned businesses,” said Rick Comeau, Executive Director of the CIS Security Benchmarks Division. “Our updated pricing model further reflects our commitment to providing the highest quality resources, in the most cost-effective manner, to as many organizations as possible.”

About the Center for Internet Security
The Center for Internet Security (CIS) is a not-for-profit organization whose mission is to enhance the cyber security readiness and response of public and private sector entities, with a commitment to excellence through collaboration. CIS comprises three divisions: the Multi-State Information Sharing and Analysis Center, which serves as a key cyber security resource for the nation’s state, local, territorial, and tribal (SLTT) governments; the Security Benchmarks Division, which provides consensus best practice standards for security configurations; and the Trusted Purchasing Alliance, which serves SLTT governments and not-for-profits in achieving a greater cyber security posture through trusted expert guidance and cost-effective procurement.

Share article on social media or email:

View article via:

Pdf Print

Contact Author

Krista Montie
Visit website