Who authored DoCRA and CIS RAM?
The authorship of CIS RAM and DoCRA is as follows:
- CIS RAM was originally developed by HALOCK Security Labs in partnership with the Center for Internet Security (CIS).
- The principal author of both DoCRA and CIS RAM is Chris Cronin (Partner at HALOCK Security Labs; Chair of the DoCRA Council).
- DoCRA itself is maintained by the DoCRA Council, a nonprofit body that includes CIS among its founding members.
How are “Reasonable Security,” CIS RAM, and DoCRA related?
Reasonable Security is the legal requirement. DoCRA defines how to judge what’s reasonable by balancing risk and burden, and CIS RAM applies DoCRA in practice so organizations can demonstrate that their security decisions are justified and defensible.
DoCRA and CIS RAM work together as a standard-and-method pair:
- DoCRA provides the principles for determining what is “reasonable,” guiding analysts to balance risk reduction with the burden of safeguards and the impact on all affected parties.
- CIS RAM applies those DoCRA principles directly to the CIS Critical Security Controls, giving organizations worksheets, criteria, and a repeatable process to evaluate risks and justify their security decisions.
