HomeCIS Critical Security ControlsThe 18 CIS Critical Security Controls

The 18 CIS Critical Security Controls

Formerly the SANS Critical Security Controls (SANS Top 20) these are now officially called the CIS Critical Security Controls (CIS Controls).

CIS Controls Version 8.1 includes updated alignment to evolving industry standards and frameworks, revised asset classes and CIS Safeguard descriptions, and the addition of the “Governance” security function.

 

Click on the individual CIS Control for more information:

 

CIS Control 1: Inventory and Control of Enterprise Assets

 

CIS Control 2: Inventory and Control of Software Assets

 

CIS Control 3: Data Protection

 

CIS Control 4: Secure Configuration of Enterprise Assets and Software

 

CIS Control 5: Account Management

 

CIS Control 6: Access Control Management

 

CIS Control 7: Continuous Vulnerability Management

 

CIS Control 8: Audit Log Management

 

CIS Control 9: Email and Web Browser Protections

 

CIS Control 10: Malware Defenses

 

CIS Control 11: Data Recovery

 

CIS Control 12: Network Infrastructure Management

 

CIS Control 13: Network Monitoring and Defense

 

CIS Control 14: Security Awareness and Skills Training

 

CIS Control 15: Service Provider Management

 

CIS Control 16: Application Software Security

 

CIS Control 17: Incident Response Management

 

CIS Control 18: Penetration Testing

 

Learn how you can use the CIS Controls to strengthen your cyber defenses in the video below.

 

Information Hub

CIS Controls

White Paper07.09.2024
Keep the Cloud Secure with CIS after Migrating to the Cloud
Read More
White Paper07.09.2024
CIS Controls v8 Mapping to GSMA FS.31 Baseline Security Controls v3.0
Read More
White Paper07.03.2024
CIS Controls v8.1 Mapping to NIST SP 800-171 Rev 2
Read More
Press Release06.25.2024
Center for Internet Security Releases CIS Controls v8-1 with New Governance Recommendations
Read More