CIS Controls Companion Guide for the Cloud Now Available

Call For Public Comments On The Internet Of Things Companion Guide Is February 12 – 28 

EAST GREENBUSH, N.Y., Feb. 13, 2019 /PRNewswire/ — The CIS ControlsCloud Companion Guide is now available.

“Working with an army of global adopters and cybersecurity experts, the CIS Controls team has created a new companion guide to help organizations break down and map the applicable CIS Controls and their implementation in cloud environments using consensus-developed best practices,” said Tony Sager, CIS® Senior Vice President, and Chief Evangelist. “It’s another great example of the CIS Community model – sharing labor and ideas to create products that can help every enterprise conduct a security assessment and develop an improvement roadmap,” he added.

Cloud Challenge: Sharing the Responsibility
One of the main challenges in applying best practices to cloud environments is the knowledge that these systems operate under different assumed security responsibilities than traditional on-premises environments. There is often a shared security responsibility between the user and the cloud provider. In the CIS Controls Cloud Companion Guide, CIS identifies who is responsible for cloud security tasks outlined in the CIS Controls that are specific to the service models:

  • IaaS (Infrastructure as a Service)
  • PaaS (Platform as a Service)
  • SaaS (Software as a Service)
  • FaaS (Function as a Service)

The guide also takes into consideration the special mission and business requirements found in cloud environments. It examines unique risks (vulnerabilities, threats, consequences, and security responsibilities) to cloud environments.

Call for Comments for the CIS Internet of Things (loT) Companion Guide is 2/12/19 to 2/28/19

CIS is finalizing updates and revisions for the release of its CIS Controls Internet of Things Companion Guide. Before the guide is finalized, CIS is issuing a global request for input and feedback. “The CIS Controls have always been the product of the vast community of adopters, vendors, and supporters, and this loT Guide will be no exception. Your challenges and priorities define our roadmap, and your feedback provides value to the entire global community,” said Tony Sager.

CIS invites individuals and organizations to join the discussion and help us determine best practices securing IoT environments. To participate, login to CIS WorkBench, and navigate to our CIS Controls IoT Community, where you will find helpful documentation and be able to join discussion forums on each CIS Sub-Control.

Visit the IoT Community on CIS WorkBench:

About CIS
CIS (Center for Internet Security, Inc.) is a forward-thinking, non-profit entity that harnesses the power of a global IT community to safeguard private and public organizations against cyber threats. The CIS Controls and CIS Benchmarks are the global standard and recognized best practices for securing IT systems and data against the most pervasive attacks.

To learn more, visit or follow us on Twitter: @CISecurity.