Panaseer Selected as a CIS Development Partner

November 2021 by Marc Jacob

Panaseer announces that it has partnered with the Center for Internet Security, Inc. (CIS®) to further the development of its Controls Assessment Specification. The newly developed ‘version two’ of the Controls Assessment Specification will provide guidance on the metrics a company should use to assess how well it is complying with ‘version eight’ of the CIS critical security controls.

CIS is a community-driven non-profit organisation that leads a global community of IT professionals to continuously evolve standards and provide products and services to proactively safeguard against emerging security threats. It has years of experience in advising organisations on which controls to prioritise and how to implement them. In 2019 CIS took its first steps into recommending what metrics organisations should measure to assess their compliance with CIS controls, releasing ‘version one’ of the Controls Assessment Specification.

Developing the de facto automation platform for security measurement has been a strategic priority for Panaseer since its inception in 2014. It pioneered the category of Continuous Controls Monitoring (CCM), which provides enterprises with a trusted, unified view of assets and controls across business lines, regions and technology platforms. By enabling organisations to measure the performance of their assets and controls in an automated, data-driven way, it paved the way for them to more easily assess themselves against the CIS controls framework, and in particular to leverage the measurement guidance provided via the Controls Assessment Specification. This new development partnership combines CIS’s authoritative voice on controls best practice and Panaseer’s expertise in security measurement. Panaseer is reflecting the Controls Assessment Specification ‘version two’ within its CCM platform. Moving forward, the organisations will work together to develop future versions of the Controls Assessment Specification that are tailored to automated measurement.

Example metrics and specifications from the Controls Assessment Specification ‘version two’, as translated into Panaseer’s CCM platform, include:

• The percentage of devices from the inventory that are missing from the company’s configuration management database (CMDB).

• The percentage of devices from the inventory that haven’t been scanned by a patch manager in the last 30 days, but are in scope to be scanned.

• The percentage of employees that have received security awareness training in the last 12 months.