The Importance of CorpInfoTech's CIS Accreditation
In November of 2023, CorpInfoTech became the first CIS Controls accredited organization under CREST and the Center for Internet Security. This achievement highlights the expertise CorpInfoTech shows in implementing the Controls both inside and outside our organization. For our clients, this accreditation provides confidence that as a managed service provider (MSP) we are practicing what we preach in cybersecurity. For potential customers, this achievement sets our services apart from the rest as a company that pursues external validation and recognition from others in the field. Continue reading to learn more about the importance of the CIS Controls and why our accreditation is important for SMBs seeking security help.
What are The CIS Controls?
The CIS Security Controls are a comprehensive framework designed to help organizations of all sizes, especially small-to-medium-sized businesses (SMBs), enhance their cybersecurity posture. These controls are strategic and actionable, offering a prioritized, community-supported pathway for effective implementation. Each control addresses a specific cybersecurity domain and contains multiple safeguards, or sub-controls. These safeguards are then separated into three Implementation Groups, each one representing a particular “risk size”.
The Center for Internet Security (CIS) designed the controls with the following aspects in mind:
- Offense Informs Defense
- Focus
- Feasible
- Measurable
- Alignment
For SMBs, the CIS Controls provide several advantages. The Controls are technologically agnostic, scalable, and proven effective against advanced cyber threats. The Controls do not revolve around specific software, hardware, or infrastructure, making their implementation possible regardless of an SMB's setup. Additionally, the Controls are built to align neatly with several of the most common regulatory frameworks, including HIPAA, DFARS, CMMC, and NIST 800-171.
How Are the Controls Structured?
The CIS Controls are a framework of 18 controls that each address a specific security domain. Within each of these controls are various safeguards, or sub-controls, that organizations can implement in their security practices. These safeguards are practical and provide businesses with tangible security results. To further organize these safeguards, there are three "implementation groups" that each represent a certain risk profile.
Implementation Group 1 -
IG1 describes essential cyber hygiene practices that every organization should have implemented. These safeguards are effective against non-targeted, general attacks that businesses face every day.
Implementation Group 2 -
IG2 provides safeguards for organizations that are required to manage cyber risks across multiple departments. As different segments of a business collide, more risk profiles are created.
Implementation Group 3 -
IG3 aids organizations that have various risk profiles and are responsible for highly sensitive or regulatory data. These controls will help organizations protect against sophisticated cyber-attacks.
Why is a CIS Accreditation Important?
For SMBs desiring to implement the CIS Controls correctly and efficiently, while also measuring progress and demonstrating compliance to stakeholders, seeking out the services of a CIS accredited provider is important.
A CIS accredited provider is an organization that has undergone a rigorous and independent audit by CREST, an international accreditation body, to verify that it has the expertise, experience, and quality standards to deliver CIS Controls-based services. These services include assessment, implementation, and consulting on the CIS Controls framework. The requirements for becoming an accredited organization are stringent and emphasize the level of expertise needed to provide guidance on the CIS Controls.
As the first CIS accredited organization, CorpInfoTech has exhibited expertise in the implementation of the CIS Controls both within our organization and for our clients. This achievement highlights CorpInfoTech’s willingness to undergo external validation and brings with it an extra layer of trust between us and our clients. Business owners can be confident that the company handling their cybersecurity needs is not only self-assured in its abilities but also externally validated by an objective third party.
We have used the CIS Controls since their inception in 2008 and have considered them our North Star, guiding everything we do. Our track record of valuable services and this accreditation are proof that CorpInfoTech is capable of protecting our clients’ data and ensuring operational integrity.
CIS-related blog posts:
- CorpInfoTech Achieves CREST Accreditation Renewal as CIS Accredited Partner
- CorpInfoTech Becomes First CIS Accredited Assessor
CorpInfoTech (Corporate Information Technologies) provides small to mid-market organizations with expert I.T. services, including security assessment, cybersecurity penetration tests, managed services (MSP), firewall management, and vulnerability management. CorpInfoTech can help organizations quantify, create, refine, and mitigate the risks presented by business-threatening disasters in whatever form they may be disguised.