Is Your Business Aligned with CIS 8.1? (Here’s Why It Matters—Even If You’re Not in IT)

May 08, 2025

If you’re a partner, owner, or office manager at a small to mid-sized law, accounting, or healthcare practice—you’ve probably been hearing more about frameworks lately.

HIPAA. IRS Pub 4557. The ABA’s cybersecurity guidelines. Your cyber liability insurance renewal asking 50+ questions about MFA, backups, and endpoint protection.

It all starts to feel like a compliance alphabet soup.

But here’s the thing: there’s one framework quietly powering all of it—and if you’re not using it yet, you’re missing a big opportunity to get ahead (and stay protected).

That framework is CIS Controls version 8.1.


🔐 What Is CIS 8.1?

CIS stands for the Center for Internet Security. They’re a nonprofit that builds prioritized, practical steps organizations can take to reduce cyber risk.

Their framework—CIS Controls v8.1—isn’t some monster document only tech people can use. It’s actually designed to be practical and progressive, especially for small organizations.

Even better? It’s what insurance companies and regulators are starting to use as a measuring stick.


📋 Here’s Why That Should Matter to You

If you’re wondering:

  • “What do I really need in place to meet compliance?”

  • “How do I prepare for my cyber insurance renewal?”

  • “Are we secure—or just lucky so far?”

Then CIS 8.1 gives you a clear, structured roadmap.


🧱 The Controls Are Broken Into 3 Implementation Groups

Group 1 is where most SMBs should start. It’s focused on:

✅ Inventory of hardware/software
✅ Strong passwords and MFA
✅ Backups
✅ Antivirus/EDR
✅ User access control
✅ Security awareness training

It’s manageable. It’s actionable. And it builds a solid foundation.

Groups 2 and 3 scale with your business, adding more advanced practices as you grow or face more complex risks.


🧠 Why the Insurance Industry Cares

Most underwriters are now asking questions that map directly to CIS 8.1. Things like:

  • “Do you use MFA for remote access?”

  • “Are backups encrypted and tested?”

  • “Do you provide phishing simulations?”

They’re not just checking if you have cybersecurity tools—they want to know you’re using them in line with best practices.

And if you can show that your business is mapped to CIS? That’s a big green flag.


🛠️ What SMB Practices Should Do

You don’t need a full-time CISO or in-house IT team to get this right. But you do need a plan. With our BigView Secure, Secure Plus, and VCISO services, we can handle it for you.

At Big Water Technologies, we help firms map to the CIS Controls—starting with Group 1—and grow from there.

Whether you’re prepping for an insurance renewal, a client audit, or just want to sleep better at night knowing you’ve got your house in order—we can help.

📩 Want a quick review of where you stand on CIS 8.1? Let’s talk.

John Lowery is the CEO of BigWater Technologies, where he leads with a passion for innovation and excellence in delivering advanced IT solutions. With over two decades of experience in the tech industry, John specializes in strategic planning, operational efficiency, and driving customer success.


