Center for Internet Security (CIS) Releases Community Defense Model v2.0 for Cybersecurity

EAST GREENBUSH, N.Y., Sept. 29, 2021 /PRNewswire/ — Enterprises naturally want to know how effective the CIS Critical Security Controls® (CIS Controls®) – 18 top-level Controls containing 153 Safeguards that provide a prioritized path to improve an enterprise’s cybersecurity posture – are against the most prevalent cyber-attacks. The Center for Internet Security, Inc. (CIS®) answers that question and more through its Community Defense Model (CDM) v2.0, released today.

The model shows that the CIS Controls defend against approximately 86% of all ATT&CK (sub) techniques found in the MITRE ATT&CK® framework. Furthermore, Implementation Group 1 (IG1) of the Controls, the definition of essential cyber hygiene (formerly basic cyber hygiene), provides enterprises a high level of protection, positioning them to defend against the top five attack types – malware, ransomware, web application hacking, insider privilege and misuse, and targeted intrusions.

Implementation Group 1 (IG1), the group that is least costly and difficult to implement, are the Safeguards that every enterprise should deploy. For enterprises that face more sophisticated attacks or that must protect more critical data or systems, these Safeguards also provide the foundation for the other two Implementation Groups (IG2 and IG3).

“This year’s CDM findings strongly reinforce the value of a relatively small number of well-chosen and essential defensive steps found in IG1,” said Curtis Dukes, CIS Executive Vice President and General Manager, Security Best Practices. “As such, enterprises should aim to start with IG1 to obtain the highest value and work up to IG2 and IG3, as appropriate.”  

The findings in the CDM demonstrate the security value of the CIS Safeguards against the top five attack types:

  • Malware: 77% of Malware ATT&CK (sub-)techniques can be defended through implementation of IG1.
  • Ransomware: 78% of Ransomware ATT&CK (sub-)techniques are defended through implementation of IG1.
  • Web Application Hacking: 86% of Web Application Hacking ATT&CK (sub-)techniques are defended through implementing IG1 Safeguards.
  • Insider Privilege and Misuse: IG1 defends against 86% of the Insider Privilege and Misuse…