CIS (https://www.cisecurity.org/) is a forward-thinking nonprofit entity that harnesses the power of the global IT community to safeguard private and public organizations against cyber threats. Their CIS Controls and CIS Benchmarks are the global standard and recognized best practices for securing IT systems and data against the most pervasive attacks.
These proven guidelines are continually refined and verified by a volunteer global community of experienced IT professionals. CIS is home to the Multi-State Information Sharing & Analysis Center (MS-ISAC®), the go-to resource for cyber threat prevention, protection, response, and recovery for state, local, tribal, and territorial governments.
The CIS Controls
The CIS Controls are a prioritized set of actions to defend against the vast majority of the most common attacks.
Trusted by security leaders in both the private and public sector, the CIS Controls:
- Leverage the battle-tested expertise of the global IT community to defeat over 85% of common attacks
- Focus on proven best practices, not on any one vendor’s solution
- Offer the perfect on-ramp to execute compliance programs with mappings to PCI, NIST, ISO, and HIPAA
The First 6 CIS Controls
The First 6 CIS Controls are often referred to as providing cybersecurity "hygiene," and studies show that implementation of the First 5 CIS Controls provides an effective defense against the most common cyber attacks (~85% of attacks).
- Inventory of Authorized and Unauthorized Devices
- Inventory of Authorized and Unauthorized Software
- Continuous Vulnerability Management
- Controlled Use of Administrative Privileges
- Secure Configurations for Hardware and Software on Mobile Devices, Laptops, Workstations and Servers
- Maintenance, Monitoring and Analysis of Audit Logs
Fundamental Cyber Hygiene
The Center for Internet Security (CIS) refers to these as ‘Foundational Cyber Hygiene’ - the basic things that you must do to create a strong foundation for your defense. CIS believes that it is important to make a formal, conscious, top-level decision to make the CIS Controls part of the organization's standard for cybersecurity. Senior management and the Board of Directors should be on board for support and accountability and should implement the first 6 CIS Controls in their organizations as a minimum requirement.
More information about the CIS Critical Security Controls framework can be found at http://www.cisecurity.org/critical-controls.cfm.