Center for Internet Security and CREST partner for cyber risk management

The Center for Internet Security has formed a joint venture with CREST, the international not-for-profit accreditation and certification body, to help advance security and resilience to achieve better global cybersecurity.

As cyber threats continue to escalate to unprecedented levels globally, CIS and CREST said they are launching the CIS Controls Accreditation program to provide organisations a way to show customers and partners that their cybersecurity posture meets the best practice guidance as set forth in the CIS Critical Security Controls (CIS Controls), underpinned by the rigorous standards of CREST accreditation.

In a joint statement they said: “Establishing, maintaining, and proving an organisation’s security posture remains a high priority for business, government, and regulatory bodies. CIS Controls Accreditation is an exclusive opportunity for CIS SecureSuite Members (Controls, Consulting & Services, and Product Vendor) and CREST Members to offer consulting services to end user organisations who wish to demonstrate that their implementation of security best practices is guided and externally assessed in accordance with the training and validation defined by two renowned authorities in cybersecurity.”

“The ability to digest all the data and controls from various devices and systems is essential in this massive shift to evidencing security,” said Tom Brennan, executive director, CREST Americas Region. “Together, CIS Controls and CREST accreditations give our joint members an accelerated path to meet risk and compliance requirements in addition to providing a methodology for continuously monitoring their security posture. By using CREST on top of the CIS Controls, security professionals can monitor security from infrastructure that can be observed, tested, and enhanced.”

“CIS is pleased to partner with CREST to provide end user organisations a selection of recognised consultants to advise on the implementation of and assessment against the CIS Controls,” said Curtis Dukes, CIS executive vice president and general manager, Security Best Practices. “We see this as a significant step forward in our efforts to secure enterprises and safeguard against current and emerging threats.”