ETSI publishes Critical Security Controls for Effective Cyber Defence as Technical Reports

October 2018 by ETSI

The ETSI technical committee CYBER has updated its five-part international compendium of Technical Reports to protect networks from cyber-attacks: the “Critical Security Controls for Effective Cyber Defence” are based on the CIS Controls® and related materials. The Reports use the CIS Controls v7 recommendations to describe the prioritized set of actions that collectively form a defence-in-depth set of best practices that mitigate the most common attacks against systems and networks.

“Building a strong cyber defence for an enterprise is increasingly challenging. Access exists to an extraordinary array of security tools and technology, security standards, and countless other guidance and recommendations. But all of this technology, information, and oversight has become a veritable "Fog of More": competing options, priorities, opinions, and claims that can paralyze or distract an enterprise from vital action. Therefore, we are honored that ETSI recognized the importance of the CIS Controls’ prioritized “do first” advice to improve global cyber defence by taking this action,” said Tony Sager, CIS Senior Vice President and Chief Evangelist.

“ETSI’s expertise on security is a well-known asset among cybersecurity stakeholders and TC CYBER recognizes the benefits brought by the Critical Security Controls to enhance the cybersecurity posture of industry, administrations and end users,” says Alex Leadbeater, chairman of the ETSI Technical Committee CYBER, “The ETSI Technical Reports reflect the combined knowledge of actual attacks and effective defences of experts from every part of the cyber security ecosystem.” This ensures that the CIS Controls are an effective and specific set of technical measures available to detect, prevent, respond, and mitigate damage from the most common to the most advanced of those attacks. These ETSI Reports were updated with the recent releases of both CIS Controls v7 and related materials to enable network providers to respond to the latest cyber security threats and meet new requirements such as GDPR compliance and cloud data centre hardening.

TR 103305-1 addresses “The Critical Security Controls”. It captures and describes the prioritized set of actions that collectively form a defence-in-depth set of best practices that mitigate the most common attacks against systems and networks. TR 103305-2, on measurement and auditing, is an evolving repository for measurement and effectiveness tests of Critical Security Control implementations. Because of their rapidly scaling importance and need for defensive measures, the mobile device and Internet of Things (IoT) sectors are treated in TR 103305-3 on Service Sector Implementations. TR 103305-4 deals with Facilitation Mechanisms and provides a placeholder for reference information for several especially useful mechanisms: Hardened Images, Mappings and Compliance, Guide for Small- and Medium-Sized Enterprises, and Risk Assessment Method. TR 103305-5, on privacy enhancement, includes a privacy impact assessment and use of the Controls to help meet provisions of the EU General Data Protection Regulation (GDPR).


About CIS
CIS® (Center for Internet Security, Inc.) is a forward-thinking, non-profit entity that harnesses the power of a global IT community to safeguard private and public organizations against cyber threats. The CIS Controls and CIS Benchmarks™ are the global standard and recognized best practices for securing IT systems and data against the most pervasive attacks. These proven guidelines are continuously refined and verified by a volunteer, global community of experienced IT professionals. Our CIS Hardened Images™ are virtual machine emulations preconfigured to provide secure, on-demand, and scalable computing environments in the cloud. CIS is home to both the Multi-State Information Sharing and Analysis Center® (MS-ISAC®), the go-to resource for cyber threat prevention, protection, response, and recovery for U.S. State, Local, Tribal, and Territorial government entities, and the Elections Infrastructure Information Sharing and Analysis Center™ (EI-ISAC™), which supports the cybersecurity needs of U.S. State, Local and Territorial elections offices.

