Compliance Manager GRC - CIS v8
Includes Frameworks for All 3 Implementation Groups.
Download DatasheetMeet the Center For Internet Security Critical Security Controls (CIS v8) Framework
CIS v8 Framework – Overview:
The Center for Internet Security (CIS) Critical Security Controls is a comprehensive cybersecurity framework that outlines a set of IT protocols and associated “Safeguards” designed to help organizations improve their security postures and reduce their risk of cyber-threats. The framework, now in Version 8 (v8), covers the following 18 categories of security controls:
CIS Control 1: Inventory and Control of Enterprise Assets
CIS Control 2: Inventory and Control of Software Assets
CIS Control 3: Data Protection
CIS Control 4: Secure Configuration of Enterprise Assets and Software
CIS Control 5: Account Management
CIS Control 6: Access Control Management
CIS Control 7: Continuous Vulnerability Management
CIS Control 8: Audit Log Management
CIS Control 9: Email and Web Browser Protections
CIS Control 10: Malware Defenses
CIS Control 11: Data Recovery
CIS Control 12: Network Infrastructure Management
CIS Control 13: Network Monitoring and Defense
CIS Control 14: Security Awareness and Skills Training
CIS Control 15: Service Provider Management
CIS Control 16: Application Software Security
CIS Control 17: Incident Response Management
CIS Control 18: Penetration Testing
Three Templates For Three Different Implementation Groups
CIS Critical Security Controls consist of multiple Safeguards that need to be implemented depending upon the maturity level of the Implementation Group, and Compliance Manager GRC includes separate standard templates for each level:
Implementation Group 1 (IG1):
IG1 is the foundational set of cyber defense Safeguards that every enterprise should apply to guard against the most common attacks. It consists of 56 Safeguards that are designed to work in conjunction with small or home office commercial off-the-shelf (COTS) hardware and software. IG1 enterprises are typically small to medium-sized with limited IT and cybersecurity expertise to dedicate towards protecting IT assets and personnel.56
Safeguards
Implementation Group 2 (IG2):
IG2 is comprised of an additional 74 Safeguards that build upon the 56 Safeguards identified in IG1 (130 Safeguards in total). The Safeguards selected for IG2 can help security teams cope with increased operational complexity. Some Safeguards will depend on enterprise-grade technology and specialized expertise to properly install and configure. Small enterprise units may have regulatory compliance burdens. IG2 enterprises often store and process sensitive client or enterprise information and can withstand short interruptions of service.+74
Safeguards
Implementation Group 3 (IG3):
IG3 is comprised of an additional 23 Safeguards that build upon the Safeguards identified in IG1 and IG2, totaling the 153 Safeguards in CIS Controls v8. An IG3 enterprise commonly employs security experts that specialize in the different facets of cybersecurity (e.g., risk management, penetration testing, application security). IG3 assets and data contain sensitive information or functions that are subject to regulatory and compliance oversight.+23
Safeguards
Total Safeguards153
Manage Your Security with the Tools You Already Use
Compliance Manager GRC allows you to use all your current IT security tools, software, and systems to meet the safeguard requirements of the CIS v8 framework…..while you maintain compliance with all your other IT requirements, regardless of source . The built-in framework management template allows you to quickly determine if you can ”check the boxes” for every requirement, identifies the gaps, and automatically prepares all of the documents you need for compliance.
Request a Demo today and discover the advantages of Compliance Manager GRC, the purpose built-built compliance process management platform for MSPs and IT departments that manage their own IT governance, risk and compliance.
GET A DEMOFull-Featured to Manage the CIS Controls v8 Framework Along with All Your Other IT Requirements.
Compliance Manager GRC is simple to use, and you don’t have to be a compliance expert to manage the specific parameters for the CIS Controls v8 Framework. Pick the Implementation Group and Compliance Manager GRC automatically loads the specific requirements and controls you need to implement to adhere to the framework. Best of all, you can also track everything that’s in scope for your IT operation at the same time, and on the same dashboard, regardless of source.
Which Implementation Group Is Right For You?
CIS Critical Security Controls consist of multiple Safeguards that need to be implemented depending upon the Maturity Level of the Implementation Group, and Compliance Manager GRC includes separate standard templates for each level:
Implementation Group 1 (IG1):
is ideal for small to medium-sized enterprises with limited IT and cybersecurity expertise. Examples of businesses that can benefit from IG1 include local restaurants, small retailers, and regional banks. With IG1, safeguards can be implemented with ease and aimed at thwarting general, non-targeted attacks. MSPs and Internal IT Professionals can benefit from implementing IG1 by providing their clients or organizations with a cost-effective and easy-to-implement cybersecurity solution. IG1 safeguards can help protect sensitive employee and financial information, ensuring business continuity, and reducing the risk of data breaches.
Implementation Group 2 (IG2):
is designed for organizations that employ individuals responsible for managing and protecting IT infrastructure. Examples of businesses that can benefit from IG2 include healthcare providers, financial services firms, and local governments. With IG2, safeguards help security teams cope with increased operational complexity and may depend on enterprise-grade technology and specialized expertise to properly install and configure. MSPs and Internal IT Professionals can benefit from implementing IG2 by offering their clients or organizations a more robust and comprehensive cybersecurity solution. IG2 safeguards can help protect sensitive client or enterprise information, ensuring compliance with regulatory requirements, and reducing the risk of reputational damage in the event of a data breach.
Implementation Group 3 (IG3):
is perfect for organizations that employ security experts that specialize in the different facets of cybersecurity. Examples of businesses that can benefit from IG3 include large financial services firms, healthcare providers with a significant patient data, and government agencies. With IG3, safeguards are designed to address availability of services and the confidentiality and integrity of sensitive data. Successful attacks can cause significant harm to the public welfare. MSPs and Internal IT Professionals can benefit from implementing IG3 by providing their clients or organizations with the most advanced and comprehensive cybersecurity solution available. IG3 safeguards can help protect against targeted attacks from sophisticated adversaries, ensuring compliance with regulatory requirements, and reducing the risk of significant reputational damage and public harm in the event of a data breach.
Overcome the Biggest IT Challenges and Responsibilities
- Reduce Risk
- Reduce Complexity
- Save Money