Implementation Guide: The 20 CIS Controls for ICS Cybersecurity
The 20 CIS Controls are about getting cybersecurity done. This framework considers the factors of people, process and technology, and uses straightforward language to reflect that philosophy. Although these controls were originally developed by the Center for Internet Security (CIS) to guide enterprise IT cybersecurity and data protection, adoption among critical infrastructure companies is rapidly increasing because of increased cyber threats to industrial control systems (ICS).
This implementation guide adapts the 20 CIS Controls for the unique needs of industrial control systems and offers helpful tips from ICS experts who have real-world experience using these controls in operational technology (OT) systems. This guide will help you to:
|Assess which controls are not fully implemented in your environment|
|Prioritize implementation based on your organization’s business drivers|
|Evaluate the best way to implement the controls in an industrial environment|