- May 3, 2022: CIS v8 now supported.
- October 1, 2021: Control Insights Executive Summary report now available.
- July 28, 2021: Published.
Control Insights leverages externally observable Bitsight telemetry to interpret the state of an organization’s security controls and assess whether or not security controls are effectively implemented.
Use the Control Insights Executive Summary report to concisely share your organization’s control current evaluation and history with your stakeholders.
Select a framework from the Framework drop-down menu at the top-left of the Control Insights page.
- Support for CIS v8 and v7.1 (CIS Critical Security Controls) Framework.
- View for controls, understanding the evaluation of each control and the insights that lead to the evaluation determination.
- Helpful context in-situ with controls descriptions, all listed sub-controls.
- The ability to submit a user-provided evaluation state per control.
- Companies have more internal information than Bitsight and should be able to add their own perspective.
Safeguards (v8)/Sub-Controls (v7.1)
- Users can also work with the specific sub-controls in each control to get a more granular understanding of what is and isn’t working well.
- Filter via implementation group to work with specific implementation groups.
Implementation Group 1:
This is for small, commercial off-the-shelf or home office software environments where sensitivity of the data is low and will typically fall under IG1. Remember, any IG1 steps should also be followed by organizations in IG2 and IG3.
Implementation Group 2:
This is focused on helping security teams manage sensitive client or company information that fall under IG2. IG2 steps should also be followed by organizations in IG3.
Learn more about implementation groups from the Center for Internet Security, “CIS Critical Security Controls Implementation Groups.”
Implementation Group 3:
Reduces the impact of zero-day attacks and targeted attacks from sophisticated adversaries typically fall into IG3. IG1 and IG2 organizations may be unable to implement all IG3 safeguards/sub-controls.
States of Control
Each control is evaluated as a whole every month based on the positive or negative insights for the control. Each control is evaluated as:
- Acceptable: The control is evidently working. There is at least 1 positive insight and 0 negative insights in the control for the month.
- Needs Improvement: The control may not be working effectively from what evidence can be seen. There is at least 1 negative insight in the control for the month.
- Not Enough Data: There are no positive or negative insights for the month, there was not enough data to make a relevant insight. They primarily focus on internal data or other data that cannot be covered, but are still presented in the Bitsight platform to provide full context.