CIS Controls Releases Internet of Things Companion Guide

Jul 02, 2019


Internet of Things (IoT) devices aren't just invading our homes; these smart, connected machines are in the workplace and virtually every other public and private location we visit daily. To help secure this new frontier, CIS (Center for Internet Security, Inc.) is releasing the free CIS Controls Internet of Things Companion Guide to help organizations apply the CIS Controls to the IoT. The CIS Controls are internationally-recognized cybersecurity best practices for defense against common cybersecurity threats. They are used within a variety of industry sectors, and throughout local, state, and federal governments.

The new IoT guide helps organizations implement consensus-developed best practices using Version 7.1 of the CIS Controls, taking into consideration the unique environment and challenges posed by IoT technology.

Security Challenges for IoT

IoT devices include smart speakers, security cameras, door locks, window sensors, thermostats, headsets, watches, and more – all devices that may be integrated into a typical business IT environment, sometimes without the organization's knowledge. Employees often purchase devices, bring them to work, and connect them to the company network sans authorization from an IT administrator. This creates serious challenges from an asset management, vulnerability management, and governance perspective.

There are many legitimate use cases for IoT in the workplace. The CIS Controls companion guide focuses on security-related factors that should be analyzed before a purchase is made. These include the ability to manage authentication credentials (e.g., change a password, enable 2-factor authentication), encrypt network traffic, and receive software updates. A major factor of IoT is making sure devices are outfitted with all necessary security features before the purchase is made, as embedded devices don't get new functionality over time.

Related Articles

New summer release helps product marketers with the functionality that helps them stock, merchandise, and optimize the digital shelf.
According to new research, Cloud solution and service providers are expected to create significant opportunities for enterprise digital rights management platform vendors in terms of providing budget-effective solutions and services to customers.
Major enhancements to Chord personalized chat and content management workflows make the world's most intuitive personalization platform more capable than ever.