Panaseer Selected as a CIS Development Partner
November 09, 2021
November 9, 2021, London and New York: Panaseer, an enterprise security company, today announces that it has partnered with the Center for Internet Security, Inc. (CIS®) to further the development of its Controls Assessment Specification.
The newly developed ‘version two’ of the Controls Assessment Specification will provide guidance on the metrics a company should use to assess how well it is complying with ‘version eight’ of the CIS critical security controls.
CIS is a community-driven non-profit organisation that leads a global community of IT professionals to continuously evolve standards and provide products and services to proactively safeguard against emerging security threats. It has years of experience in advising organisations on which controls to prioritise and how to implement them. In 2019, CIS took its first steps towards recommending which metrics organisations should measure to assess their compliance with CIS controls, releasing ‘version one’ of the Controls Assessment Specification.
Developing the de facto automation platform for security measurement has been a strategic priority for Panaseer since its inception in 2014. It pioneered the category of Continuous Controls Monitoring (CCM), which provides enterprises with a trusted, unified view of assets and controls across business lines, regions and technology platforms. By enabling organisations to measure the performance of their assets and controls in an automated, data-driven way, it paved the way for them to more easily assess themselves against the CIS controls framework, and in particular to leverage the measurement guidance provided via the Controls Assessment Specification.
This new development partnership combines CIS’ authoritative voice on controls best practice and Panaseer’s expertise in security measurement. Panaseer is reflecting the Controls Assessment Specification ‘version two’ within its CCM platform. Moving forward, the organisations will work together to develop future versions of the Controls Assessment Specification that are tailored to automated measurement.
Example metrics and specifications from the Controls Assessment Specification ‘version two’, as translated into Panaseer’s CCM platform, include:
- The percentage of devices from the inventory that are missing from the company’s configuration management database (CMDB).
- The percentage of devices from the inventory that haven’t been scanned by a patch manager in the last 30 days, but are in scope to be scanned.
- The percentage of employees that have received security awareness training in the last 12 months.
Leila Powell, Lead Data Scientist, Panaseer: ‘We are thrilled to be selected as a development partner for CIS. Helping create measurement guidance, applicable to CCM, is a hugely important step in driving adoption of an automated, data-driven approach to measurement. Both Panaseer and CIS recognise that CCM is the future of good controls posture – to continually ensure against controls drift, improve accuracy, trust and repeatability of measurement and reduce the current reporting burden on security teams.’
Phyllis Lee, Senior Director, CIS Critical Security Controls: ‘The author of a framework should be the authoritative source on how you measure success in that framework. You need to be continuously monitoring controls to make sure that your security metrics are within your set threshold and you’re doing what you need to do to stay compliant. We look forward to further developing the Controls Assessment Specification for automated measurement in collaboration with Panaseer to meet this need.’