The CISA (Cybersecurity & Infrastructure Security Agency) Critical Product Guidance (CPG) provides specific advice on securing various critical infrastructure products, while the CIS (Center for Internet Security) Controls V8 is a set of best practices designed to help organizations protect themselves from security threats.
The CISA CPG's mapping to the CIS V8 framework is not a one-to-one correlation because the two are designed with different purposes in mind. However, the CISA CPG's recommendations can often be seen as supporting the implementation of certain CIS Controls. Here's how we map it in our MeasureRISK service offering:
Inventory and Control of Enterprise Assets and Software Assets (CIS Controls 1 & 2):
Data Protection (CIS Control 3):
Secure Configuration of Enterprise Assets and Software (CIS Control 4):
Account Management (CIS Control 5):
Access Control Management (CIS Control 6):
Continuous Vulnerability Management (CIS Control 7):
Audit Log Management (CIS Control 8):
Email and Web Browser Protections (CIS Control 9):
Malware Defenses (CIS Control 10):
Data Recovery (CIS Control 11):
Network Infrastructure Management (CIS Control 12):
Security Awareness and Skills Training (CIS Control 13):
Service Provider Management (CIS Control 14):
Application Software Security (CIS Control 15):
Incident Response and Management (CIS Control 16):
Penetration Testing (CIS Control 17):
Control Systems (CIS Control 18):
The mapping can be more specific and nuanced based on the detailed recommendations in CISA's CPGs and the specific sub-controls and implementation groups within CIS Controls V8. Organizations looking to align these two sets of guidance should review the specific recommendations and controls in detail and consider how the advice in CPGs supports the implementation of CIS Controls in their specific environment. CISA has many resources available to help you be proactive about risk.
Caldwell, NJ, 01/29/2024 – Proactive Risk announces a strategic partnership with Dragos Inc., a leading force in industrial control systems (ICS) and operational technology (OT) cybersecurity, to offer cutting-edge, sensor-based cybersecurity solutions for the drinking water and wastewater sectors. This collaboration empowers local municipalities with affordable, comprehensive cybersecurity services, addressing everything from policy framework and cyber resilience to regulatory compliance.
The Dragos Platform, renowned for its exceptional industrial cybersecurity technology, grants unparalleled visibility into ICS/OT assets, vulnerabilities, and threats, and integrates Dragos’s top-tier OT threat intelligence. This community-focused model promotes collective defense among a wide industrial network, offering extensive threat visibility. This union allows Proactive RISK to expand its portfolio with leading cybersecurity products and services, specifically designed for the unique needs of the water sector’s OT, ICS, and SCADA systems. “As OT cybersecurity demands intensify, our alliance with Dragos strengthens our commitment to protect the vital infrastructure we rely on daily from emerging cyber threats,” remarks Robert Lee, CEO of Dragos. Notably, the Dragos Platform was honored with the 2023 SC Award for Best Industrial Security Solution and was titled Best Incident Response Solution by SC Awards Europe in June. The collaboration also leverages the Dragos Global Partner Program, enhancing Proactive RISK’s capabilities in OT cybersecurity through comprehensive technology, services, and threat intelligence. For additional information about this partnership, visit www.proactiverisk.com/ot
Tom Brennan: This is my blog, there are many like it but this one is mine. Enjoy.