Framework for the Future: Connect Dots and Build Bridges with the New CIS Controls

Wednesday, May 04 | 4:15PM–5:00PM ET | Grand Ballroom VII-IX, 3rd Floor
Session Type: Breakout Session
Delivery Format: Presentation/Panel Session

The Center for Internet Security (CIS) Critical Controls got a major rewrite in 2021, reflecting core changes in today's computing and infrastructure environments. This presentation will highlight what’s new in version 8, why it’s well-suited for higher ed, and how two universities are using the updated framework to gain new risk insights and improve security across siloes. The CIS framework maps to a wide range of other formal frameworks (NIST 800-171/CUI, HIPAA, PCI-DSS, among others) and is measurable, specific, and practical to operationalize, which can help identify and prioritize quick wins for tight budgets. Recent research shows that adopting CIS’ basic set of recommendations defends against 78 percent of the most common attack techniques.


  • Cara Bonnett

    Technology Risk Assurance Manager, Duke University
  • Randy Marchany

    University IT Security Officer, Virginia Tech

Resources & Downloads

  • Framework for the Future Presentation

    Updated on 4/29/2022