CIS Security

 

Comprehensive CIS Support

The CSC-20 Controls

Cavirin and CIS

Cavirin has taken the lead in mapping the CSC-20 into a set of technical controls covering PCI, NIST, ISO, HIPAA, and others. This includes Docker, Kubernetes, Android, and the new CIS Microsoft Azure Foundations Benchmark. The CIS Controls are really the foundation on which other technical control families are developed, and they are the gold standard for the following reasons:

  • Updated by cyber experts based on actual attack data pulled from a variety of public and private threat sources.
  • CIS Controls are likely to prevent the majority of cyber-attacks.
  • Concise, prioritized set of cyber practices created to stop today's most pervasive and dangerous cyber-attacks.
  • These provide metrics for IT personnel to understand, continuously diagnose and mitigate risks, and automate defenses to ensure compliance with the controls.

 

The CIS CSC is referenced by the U.S. Federal Government in the NIST Cybersecurity Framework and other guidelines, and validated by the Australian government. It is also recommended by the U.S. National Governor’s Association, the UK’s Centre for the Protection of National Infrastructure (CPNI), Symantec, Zurich Insurance, and others.

One way of connecting the CSC-20 to actual technical controls is via the NIST CSF. Each of the 20 controls relates to one of the five CSF core functions: Identify, Protect, Detect, Respond, and Recover. As an example, CSC-4, Continuous Vulnerability Assessment and Remediation, maps to NIST Identify Risk Assessment, or ID.RA. The flow depicts this mapping in greater detail, from the core function through the specific policy.

More information is available on the NIST Solution page.

Detailed mapping with the Identify function as an example

 

eBook

The Enterprise Journey to the Hybrid Cloud

Demand for the Hybrid Cloud is growing at an ever-increasing rate. Gartner predicts the Hybrid Cloud will become the most common form of cloud consumption by 2020, as the final barriers give way to the new normal in enterprise information technology (IT). This eBook walks you through the steps required to build a world-class Hybrid Cloud infrastructure, from setting goals and developing consensus to building and deploying secure hybrid workloads.

© 2018 Cavirin Systems, Inc. All rights reserved.