HomeCIS Critical Security ControlsCIS Controls Resources

CIS Controls

Follow our prioritized set of actions to protect your organization and data from cyber-attack vectors.

Select Category
About the CIS Critical Security Controls
About the CIS Critical Security Controls
Environment-Specific Guidance
Assess and Measure
Implementation Tools/Guidance
Minimize Your Threats
Other Security Frameworks
Success Stories
Training, Webinars, & Podcasts
Translations
Filter by Version
All Versions
Clear Filters

Want to learn more about CIS Controls as a whole? Review our main Controls documentation to learn about what the Controls and Safeguards are, what Implementation Groups (IGs) are, how to move from one version to the next, and what our Asset Classes mean.

CIS Controls v8.1

CIS Controls v8.1 is an iterative update to v8. It includes updated alignment to evolving industry standards and frameworks, revised asset classes and CIS Safeguard descriptions, and the addition of the “Governance” security function introduced in the National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF) 2.0..

Includes PDF, Excel, and Implementation Groups for v8.1, as well as a Change log for v8 to v8.1.

A Roadmap to the CIS Critical Security Controls

There is a broader ecosystem that surrounds the CIS Controls that offers guidance, tools, resources, mappings, and more to help facilitate the adoption and implementation of the framework. This guide will help adopters understand what is available to them, where to start, and how to put it all together.

Guide to Asset Classes

In v8.1, CIS restructured Asset Classes and their respective definitions to ensure consistency throughout the Controls. Download to learn more about our naming conventions and what they mean.

CIS Controls Implementation Groups (IGs)

Implementation Groups (IGs) are the recommended guidance to prioritize implementation of the CIS Controls. In an effort to assist enterprises of every size, IGs are divided into three groups. They are based on the risk profile and resources an enterprise has available to them to implement the CIS Controls.

CIS Controls v8

CIS Controls v8 helps you keep on top of your evolving workplace, the technology you need to support it, and the threats confronting those systems. It places specific emphasis on moving to a hybrid or fully cloud environment and managing security across your supply chain.

Includes PDF, Excel, and Implementation Groups for v8, as well as a Change log for v7.1 to v8.

Guide to Enterprise Assets and Software

CIS simplified the language in v8 to provide enterprises guidance on how enterprise assets and software are organized in the CIS Controls and to help explain what we mean when we say things like “Establish and Maintain Detailed Enterprise Asset Inventory."

CIS Controls v7.1

CIS Controls v7.1 introduced the concept of prioritization with the inclusion of Implementation Groups (IGs).

Includes PDF, Excel, and Implementation Groups for v7.1, as well as a Change log for v7 to v7.1

Controls FAQs

Looking for information about the CIS Controls? Check out this Frequently Asked Questions (FAQ) page to get answers to your inquiries!

CIS WorkBench

Use your expertise in risk, security, compliance, and elsewhere to contribute to the CIS Controls! Join our free CIS Controls global collaborative platform on CIS WorkBench.

CIS Controls

Looking to learn more about the 18 top-level CIS Controls? Check out these pages to gain an understanding of each Control and why they are critical.

Information Hub

White Paper02.13.2025
CIS Year in Review 2024
Read More
White Paper02.07.2025
CIS Controls v8.1 Mapping to MCSB v1
Read More
Media Mention02.06.2025
2025 Homeland Security Threat Forecast: Multidimensional- Physical, Cyber, Information Operations- Threats
Read More
Media Mention02.06.2025
2025 Homeland Security Threat Forecast Parts II and III
Read More