CIS Controls v8.1 Cloud Companion Guide
In this document, we provide guidance on how to apply the security best practices found in CIS Controls v8.1 to any cloud environment from the consumer/customer perspective. For each top-level CIS Control, there is a brief discussion on how to interpret and apply the CIS Control in such environments along with any unique considerations or differences from common IT environments.
By reading through CIS Controls v8.1 with this companion guide, the reader should be able to tailor the CIS Controls in the context of a specific IT/Operational Technology (OT) cloud enterprise as an essential starting point for a security improvement assessment and roadmap. (We should mention that OT is hardware and software that detects or causes a change through the direct monitoring and/or control of physical devices, processes, and events in the enterprise.)
Finally, this document is also aimed at guiding enterprises involved in the agile software development process via utilization of cloud-based services. DevSecOps, which is short for "development, security, and operations," automates the integration of security at every phase of the software and its underlying infrastructure development life cycle, from initial design through integration, testing, deployment, and software delivery. CIS Control 16 will cover these aspects.