{"id":4485,"date":"2024-08-14T15:14:15","date_gmt":"2024-08-14T15:14:15","guid":{"rendered":"https:\/\/www.pax8.com\/blog\/?p=4485"},"modified":"2024-08-16T13:32:24","modified_gmt":"2024-08-16T13:32:24","slug":"community-based-cis-handbook","status":"publish","type":"post","link":"https:\/\/www.pax8.com\/blog\/community-based-cis-handbook\/","title":{"rendered":"Two new ways to sell more cybersecurity: CIS Controls Handbook and the Pax8 Marketplace"},"content":{"rendered":"

At Pax8, we take cybersecurity seriously. This is why we recommend our managed service provider (MSP) partners implement the CIS Security Controls<\/a>, a global framework with broad, yet simplified best practices for cybersecurity. But while the basics laid out by the CIS Controls offer plenty to chew on for MSPs looking to bolster their clients\u2019 cybersecurity, putting each of the 18 Controls and their safeguards into place is much easier said than done.<\/p>\n

What we discovered in our research was that there wasn\u2019t a single source of truth out there that explored each of the CIS Controls and how to effectively evaluate each of their components. We knew that for our partners to take full advantage of this framework, they needed to understand its nuance, context, and definitions clearly. That\u2019s why we worked with our partners and CIS directly to develop the \u201cCIS Controls Handbook: A Visual Guide to Evaluating Cybersecurity<\/a>.\u201d This comprehensive, proprietary resource offers visualizations for each Control and sub-Control so MSPs know the ins and outs of each and how they can begin to plan for implementation. Read on to learn how we made this mammoth endeavor happen.<\/p>\n

Bringing together the MSP community<\/h2>\n

We started by engaging the Center for Internet Security\u00ae<\/a> (CIS) itself. CIS is a global, community-driven nonprofit that works with individuals in the IT and cybersecurity industry to develop benchmarks for preventing and mitigating cyber threats.<\/p>\n

With this foundation in place, we sought and received input from more than 30 contributors spanning from IT professionals implementing cybersecurity measures to developers creating the products needed. With the help of our partners, we were able to learn more from those on the ground \u2014 what they did, what worked, and what their best practices were when it came to implementing CIS Controls.<\/p>\n

Our purpose<\/h2>\n

The purpose behind creating this visual handbook was to develop the go-to guide to assist security professionals in navigating how to align their cybersecurity stack with the CIS Critical Controls and Safeguards. To design this clear and actionable guide, we worked with our collaborators to create visual representations of each safeguard\u2019s language broken down into specific taxonomical elements. Because this framework is dense, developing a visual tool ensures a digestible way for MSPs to understand how the 153 safeguards that make up the CIS Controls interconnect.<\/p>\n

Furthermore, these visual mappings offer security teams an effective way to evaluate their understanding of the breadth and depth of each safeguard, identify knowledge and coverage gaps, and plan accordingly. While software vendors may find the guide useful to align their products and service features with the CIS Controls, our primary focus is supporting security teams in strengthening their preventative security measures.<\/p>\n

Behind the methodology<\/h2>\n

The handbook was born from an initiative to use the Controls\u2019 taxonomical elements to create a questionnaire that classified each vendor\u2019s products and services into the safeguards they serve. This involved creating a detailed evaluation criterion, including technical components and vendor attestation methods, to ensure that each solution provided comprehensive coverage for its corresponding safeguard. The result? We were able to classify and sort solutions that help MSPs and the organizations they serve meet each of the CIS Controls. Many of these solutions are available to provision in the Pax8 Marketplace<\/a>.<\/p>\n

How to use this document<\/h2>\n

This visual guide is not meant to replace the CIS Control guidelines; rather, it\u2019s meant to bolster the great work CIS is already doing. It’s helpful to first get acquainted with the CIS Controls, CIS Implementation Groups, CIS Benchmarks, and the broader CIS body of work. The guide also assumes a baseline knowledge of security principles. If you don\u2019t feel you have a solid grounding in this framework, our courses in Pax8 Academy<\/a> can get you up to speed.<\/p>\n

For an idea of how each of the Controls is mapped out, view the chart below:<\/p>\n

\"\"<\/p>\n

Also, you can watch our video walkthrough<\/a> to get started.<\/p>\n

How Pax8 is implementing this work into the Pax8 Marketplace<\/h2>\n

The substantial work we have done with the community around this project doesn\u2019t stop at a handbook. We\u2019ve taken the knowledge gleaned from our research and built it right back into the Pax8 Marketplace.<\/p>\n

Now, our partners have access to a new feature called Opportunity Explorer<\/a>.<\/p>\n

What is Opportunity Explorer?<\/h3>\n

Unveiled at this year\u2019s Pax8 Beyond, this feature leverages data to pinpoint and answer customer needs, offering actionable data insights for partners to provide tailored recommendations and identify sales opportunities. Opportunity Explorer was designed with the power of machine learning and data-driven insights and was built on the wisdom of our 35,000+ partners to help MSPs identify gaps in coverage and capitalize on sales opportunities. Partners can search, filter, and sort opportunities in a completely reimagined user interface.<\/p>\n

Here\u2019s just some of what this feature can do:<\/p>\n