The 18 CIS Critical Security Controls

Formerly the SANS Critical Security Controls (SANS Top 20), these are now officially called the CIS Critical Security Controls (CIS Controls).

CIS Controls Version 8.1 includes updated alignment to evolving industry standards and frameworks, revised asset classes and CIS Safeguard descriptions, and the addition of the “Governance” security function.

Click on the individual CIS Control for more information:

CIS Control 1: Inventory and Control of Enterprise Assets

CIS Control 2: Inventory and Control of Software Assets

CIS Control 3: Data Protection

CIS Control 4: Secure Configuration of Enterprise Assets and Software

CIS Control 5: Account Management

CIS Control 6: Access Control Management

CIS Control 7: Continuous Vulnerability Management

CIS Control 8: Audit Log Management

CIS Control 9: Email and Web Browser Protections

CIS Control 10: Malware Defenses

CIS Control 11: Data Recovery

CIS Control 12: Network Infrastructure Management

CIS Control 13: Network Monitoring and Defense

CIS Control 14: Security Awareness and Skills Training

CIS Control 15: Service Provider Management

CIS Control 16: Application Software Security

CIS Control 17: Incident Response Management

CIS Control 18: Penetration Testing
