New Version Debuted in Live and Streaming Event in Washington, DC

ROSALYN, VA  CIS Executive Chairman John Gilligan, CIS President & COO Steve Spano, CIS Co-Founder and Board Member Frank Reeder, CIS Sr. V.P. & Chief Evangelist, Tony Sager, along with other CIS leadership and distinguished cybersecurity experts, launched the new CIS Controls Version 7 on Monday at New America, a Washington, D.C.-based think tank.

The CIS Controls V7 ( are a recommended set of actions for cyber defense that provide specific and actionable ways to thwart the most pervasive attacks. They are a relatively short list of high-priority, highly effective defensive actions that provide a “do-first” starting point for every enterprise seeking to improve their cyber defense.

Link to CIS Controls Version 7 Launch Webinar:

“We are very proud to announce the release of Version 7 of the CIS Controls. The CIS Controls represent the feedback and best advice of a very large number of expert volunteers from across the world-wide cyber ecosystem. At CIS, we are driven by our mission: to help you navigate a fast-changing world of cyber-attacks, business demands, and technology,” said Tony Sager. “In addition to helping your organization build a foundation for effective cyber defense, Version 7 also sets the stage for future improvements in measurement, implementation, and alignment with other security frameworks,” he added.

Sager’s remarks included what was new in the CIS Controls V7 and James Tarala, Principle Consultant of Enclave Security, made a presentation on the evolution of the CIS Controls and the Demand for Training. Kathy Bortle, an Incident Response Specialist from the Virginia Information Technologies Agency, addressed participants on her agency’s positive experiences and history with the CIS Controls. Afterward, a panel including Greg Johnson, Vice President and Assistant General Auditor of the Federal Reserve Bank and Chris Conin, a Partner in Halock Security Labs discussed the CIS Controls V7.

Key principles for the CIS Controls V7 include:


Ø  Addressing current attacks, emerging technology, and changing mission/business requirements for IT: As part of our fundamental promise, the CIS Controls have been updated and re-ordered to reflect both the availability of new cybersecurity tools and changes in the current threat landscape that all organizations are facing.

Ø  More focus on key topics like authentication, encryptions, and application whitelisting: Guidance for each of these major security topics is covered in detail by CIS Controls V7 in a clearer, stronger, and more consistent fashion across the entire CIS Controls.

Ø  Better alignment with other frameworks: The CIS Controls V7 are mapped to the NIST Cybersecurity Framework (

Ø  Improvement of the consistency and simplifying the wording of each sub-control – one “ask” per sub-control: The community worked tirelessly to clarify and simplify each CIS Control, making it easier for users to follow along. By eliminating multiple tasks within a single sub-control, the CIS Controls are easier to measure, monitor, and implement.

Ø  Setting the foundation for a rapidly growing “ecosystem” of related products and services from both CIS and the marketplace: We have much more documented experience with adopters and vendors since Version 6; for V7 we make it easier for everyone to understand, track, import, integrate the CIS Controls into products, services, and corporate decision-making.

Ø  Some structural changes in layout and format: To help keep the Controls relevant and adaptive to various different organizations, we’ve restructured our content to be more flexible than before.

Ø  Reflect the feedback of a world-side community of volunteers, adopters, and supporters: We are only as strong as the amazing volunteers that support us and we hope to continue to provide a means of gathering and harnessing the global cybersecurity community for the benefit of everyone.

The CIS Controls V7 are available now for download, free of charge, at

About CIS

CIS (Center for Internet Security, Inc.) is a forward-thinking, non-profit entity that harnesses the power of a global IT community to safeguard private and public organizations against cyber threats. Our CIS Controls™ and CIS Benchmarks™ are the global standard and recognized best practices for securing IT systems and data against the most pervasive attacks. These proven guidelines are continuously refined and verified by a volunteer, global community of experienced IT professionals. CIS is home to the Multi-State Information Sharing and Analysis Center® (MS-ISAC®), the go-to resource for cyber threat prevention, protection, response, and recovery for U.S. SLTT government entities. To learn more, visit or follow us on Twitter: @CISecurity.