CIS Controls® at a Glance
The CIS Critical Security Controls (CIS Controls) are a prescriptive, prioritized, and simplified set of best practices that you can use to strengthen your cybersecurity posture. Today, thousands of cybersecurity practitioners from around the world use the CIS Controls and/or contribute to their development via a community consensus process.
With the CIS Controls, You Can...
Simplify Your Approach to Threat Protection
The CIS Controls consist of Safeguards that each require you to do one thing. This simplified cybersecurity approach is proven to help you defend against today's top threats. Learn more in our CIS Community Defense Model v2.0.
Comply with Industry Regulations
By implementing the CIS Controls, you create an on-ramp to comply with PCI DSS, HIPAA, GDPR, and other industry regulations. View our Mapping and Compliance page for more information.
Achieve Essential Cyber Hygiene
Almost all successful cyber attacks exploit “poor cyber hygiene” like unpatched software, poor configuration management, and outdated solutions. The CIS Controls include foundational security measures that you can use to achieve essential hygiene and protect yourself against a cyber attack.
Translate Information into Action
Modern systems and software are dynamic in nature. By enacting the CIS Controls, you support your assets' evolving needs in a meaningful way and align your security efforts with your business goals.
Abide by the Law
Multiple U.S. States require executive branch agencies and other government entities to implement cybersecurity best practices. Several of them specifically mention the CIS Controls as a way of demonstrating a "reasonable" level of security.
The 18 Top-Level CIS Controls
The CIS Controls consist of 18 overarching measures that help strengthen your cybersecurity posture. They prioritize activities over roles and device ownership. That way, you can implement the CIS Controls in a way that works for you.
Narrow Your Focus with the Safeguards
Formerly known as "Sub-Controls," the Safeguards are specific and unique actions that guide the logic of the 18 top-level CIS Controls. Each Safeguard defines measurement as part of the process and requires minimal interpretation to implement.
Let the Implementation Groups Guide Your Efforts
The Implementation Groups (IGs) help you prioritize your implementation of the CIS Controls and Safeguards. You can begin with Implementation Group 1 (IG1). The definition of essential cyber hygiene, IG1 represents an emerging minimum standard of information security and of protection against common attacks for all. IG2 and IG3 build on the foundation laid by IG1.
CIS Controls Free Resources
From mappings to companion guides, policy templates, and more, you have everything you need to make the most of the CIS Controls. And it doesn't cost a cent to use them.
CIS Controls Navigator
Want to see how the CIS Controls fit into your broader security program? You can use our CIS Controls Navigator to see how they map to other security standards.
CIS Critical Security Controls Ambassadors
Our Ambassadors represent, speak for, volunteer on, and promote the CIS Critical Security Controls (CIS Controls), supporting resources, and tools.
Get the Latest Version of the CIS Controls Today!
CIS Controls v8.1 helps you keep on top of your evolving workplace, the technology you need to support it, and the threats confronting those systems. It places specific emphasis on moving to a hybrid or fully cloud environment and managing security across your supply chain.
Looking for the Previous Version?
CIS Controls v8 along with supporting tools and resources are available for download.
CIS Controls v7.1 along with supporting tools and resources are available for download.
Note: CIS Controls v8.1 provides backwards compatibility with previous versions and a migration path for users of prior versions to move to v8.