CIS Controls Internet of Things Companion Guide

New Resource Helps Organizations Apply the CIS Controls to the loT

Internet of Things (IoT) devices aren’t just invading our homes; these smart, connected machines are in the workplace and virtually every other public and private location we visit daily. To help secure this new frontier, CIS® (Center for Internet Security, Inc.) is releasing the free CIS Controls® Internet of Things Companion Guide to help organizations apply the CIS Controls to the IoT. The CIS Controls are internationally-recognized cybersecurity best practices for defense against common cybersecurity threats. They are used within a variety of industry sectors, and throughout local, state, and federal governments.

“The volume, variety, and velocity of the IoT security challenge makes the CIS approach to best practices more important than ever,” said Tony Sager, CIS Senior Vice President and Chief Evangelist. “As always, our guidance is accessible, vendor-neutral, and in alignment with both established security frameworks and industry solutions.”

The new IoT guide helps organizations implement consensus-developed best practices using Version 7.1 of the CIS Controls, taking into consideration the unique environment and challenges posed by IoT technology.

Security challenges for IoT
IoT devices include smart speakers, security cameras, door locks, window sensors, thermostats, headsets, watches, and more – all devices that may be integrated into a typical business IT environment, sometimes without the organization’s knowledge. Employees often purchase devices, bring them to work, and connect them to the company network sans authorization from an IT administrator. This creates serious challenges from an asset management, vulnerability management, and governance perspective.

There are many legitimate use cases for IoT in the workplace. The CIS Controls companion guide focuses on security-related factors that should be analyzed before a purchase is made. These include the ability to manage authentication credentials (e.g., change a password, enable 2-factor authentication), encrypt network traffic, and receive software updates. A major factor of IoT is making sure devices are outfitted with all necessary security features before the purchase is made, as embedded devices don’t get new functionality over time.

A Team Effort
The creation and ongoing development of the CIS Controls Internet of Things Companion Guide is thanks to a wide-community of dedicated IoT security professionals.

Download the guide:
https://www.cisecurity.org/white-papers/cis-controls-internet-of-things-companion-guide/

Download CIS Controls V7.1:
https://learn.cisecurity.org/20-controls-download