Center for Internet Security Opens the Critical Security Controls for Effective Cyber Defense 6.0 for Industry Comment

Share Article

Cybersecurity nonprofit seeks input from industry experts for recommended cyber defense actions.

Center for Internet Security Logo
The Controls continue to be a valuable asset to improving security and our goal is to consistently maintain its relevance in a world of constantly evolving technology.

Today, the Center for Internet Security (CIS) made public the latest release of the Critical Security Controls Draft Version 6.0 in its effort to receive feedback from the greater cybersecurity community. CIS, an internationally recognized nonprofit dedicated to improving cybersecurity in the public and private sectors, encourages collaboration and information sharing within the industry to further enhance cyber solutions, like the Critical Security Controls.

The Critical Security Controls is a recommended set of action items for cyber defense that provides specific and actionable ways to thwart the most pervasive cyber attacks. The guidelines are developed, refined, validated and supported by a group of volunteer security experts. The previous version of the Critical Security Controls was maintained by the Council for CyberSecurity, which integrated in January with CIS, renowned for its Benchmarks program and Multi-State Information Sharing Center (MS-ISAC).

The Critical Security Controls Draft Version 6.0 incorporates feedback CIS received from a variety of users of the Controls, like students, consultants and vendors. Some key updates included in this latest version are prioritizing based on the evolution of a threat, simplifying the Controls to avoid confusion or duplication, further alignment with other industry-recognized frameworks, and more.

“For the past few months, the Controls Editorial Panel, composed of a notable set of cybersecurity industry professionals and experts, made necessary changes to the previous version of the Controls to keep the Controls updated and relevant,” stated Tony Sager, Senior Vice President and Chief Evangelist at CIS. “With the draft Controls 6.0 complete, we are reaching out to the broader community to ask them to review and provide feedback for any additional changes that should be considered. The Controls continue to be a valuable asset to improving security and our goal is to consistently maintain its relevance in a world of constantly evolving technology.”

The Critical Security Controls Draft Version 6.0 can be accessed via the CIS website at All feedback can be communicated to CIS by sending emails to ControlsInfo(at)cisecurity(dot)org, with the subject “Public Comment.”

About the Critical Security Controls:
The Critical Security Controls are a recommended set of actions for cyber defense that provide specific and actionable ways to thwart the most pervasive attacks. The Controls have been developed and are maintained by an international, grass-roots consortium that includes a broad range of companies, government agencies, institutions, and individuals from every part of the ecosystem including: threat responders and analysts, security technologists, vulnerability-finders, tool builders, solution providers, front-line defenders, users, consultants, policy-makers, executives, academia, auditors, etc. The Critical Security Controls align with most of the other frameworks for managing cyber security, including the NIST Cyber Security Framework, FISMA, ISO and others. To learn more about the Controls visit

About the Center for Internet Security:
The Center for Internet Security (CIS) is an international nonprofit organization focused on enhancing the cybersecurity readiness and response of public and private sector entities. Within its scope of work, CIS produces consensus-based secure configuration benchmarks and resources, including CIS-CAT, a renowned configuration assessment tool that enables rapid assessment of security posture. CIS also maintains and promotes adoption of the Critical Security Controls, which are widely respected actionable best practices for cyber defense. The nonprofit is home to the Multi-State Information Sharing and Analysis Center (MS-ISAC), which serves as the key cyber security resource for state, local, territorial and tribal governments. Through its numerous initiatives and programs, CIS is committed to elevating the competencies of the cybersecurity workforce, and to the development of policies, products and resources that help our partners achieve their security goals. To learn more, please visit or follow us on social media at @CISecurity.

Share article on social media or email:

View article via:

Pdf Print

Contact Author

Chad Rogers
Visit website