Who are they?
The Center of Internet Security (CIS) is a not-for-profit NGO that develops its own Configuration Policy Benchmarks (CPB). The CPB are essentially guidelines by which organizations can improve their cybersecurity and compliance programs and posture. This initiative aims to create community-developed security configuration baselines for IT and security products that are commonly used by organizations. In addition, CIS puts out a series of protocols called CIS Controls, which are updated and reviewed through an informal community process from time to time.
The CIS Controls are recognized as some of the most comprehensive security baselines for most existing systems and are applicable to any industry that utilizes these technologies. The CIS is recommended by industry leaders such as the National Institute for Standards and Technology (NIST).
What is the Goal of the Regulation?
The purpose of CIS’s regulations is twofold. The CIS Controls are a set of guidelines for securing a range of systems and devices. CIS Benchmarks are guidelines for specific operating systems, middleware, software applications, and network-connected devices, with a strong emphasis on proper configuration. This includes proper security settings for hardware and software on mobile devices, laptops, workstations, and servers. A substantial part of CIS’s recommendations involves proper authentication practices. The organization has laid down best practices for multi-factor authentication and password strength. CIS Control 5, which deals with access and administrative privilege, advocates for applying a variety of identifying factors in an