Framework for the Future: Connect Dots and Build Bridges with the New CIS Controls

The Center for Internet Security (CIS) Critical Controls got a major rewrite in 2021, reflecting core changes in today's computing and infrastructure environments. This presentation will highlight what’s new in version 8, why it’s well-suited for higher ed, and how two universities are using the updated framework to gain new risk insights and improve security across siloes. The CIS framework maps to a wide range of other formal frameworks (NIST 800-171/CUI, HIPAA, PCI-DSS, among others) and is measurable, specific, and practical to operationalize, which can help identify and prioritize quick wins for tight budgets. Recent research shows that adopting CIS’ basic set of recommendations defends against 78 percent of the most common attack techniques.