CIS Controls
Follow our prioritized set of actions to protect your organization and data from cyber-attack vectors.
By implementing the CIS Controls, you create an on-ramp to comply with the Payment Card Industry Data Security Standard (PCI DSS), Health Insurance Portability and Accountability Act (HIPAA), General Data Protection Regulation (GDPR), and other industry regulations. View our many mappings to see how your Controls program can work together with other frameworks.
CIS Controls Navigator
Want to see how the CIS Controls fit into your broader security program? You can use our CIS Controls Navigator to see how they map to other security standards and frameworks.
Mapping and Compliance
By implementing the CIS Controls, you create an on-ramp to comply with PCI DSS, HIPAA, GDPR, and other industry regulations. View our Mapping and Compliance page for more information.
CIS Controls Mappings v8.1
Download individual mappings below or visit our CIS Controls Navigator for all mappings to CIS Controls v8.1.
- CAN/CIOSC 104 2021 Baseline Cyber Security Controls for Small and Medium Organizations
- CISA Cybersecurity Performance Goals (CPGs) v1.0.1
- The Digital Operational Resilience Act (DORA) Regulation (EU) 2022/2554
- Cybersecurity Maturity Model Certification (CMMC) v2.0
- Cloud Security Alliance (CSA) Cloud Controls Matrix (CCM) v4
- Healthcare and Public Health Sector-Specific Cybersecurity Performance Goals (HPH CPGs)
- International Organization for Standardization (ISO)/International Electrotechnical Commission (IEC) 27001:2022
- Network and Information Security 2 (NIS2) Directive 2022/2555
- NIST Cybersecurity Framework (CSF) 2.0
- NIST SP 800-171 Rev. 2
- Criminal Justice Information Services (CJIS) Security Policy v6
- NIST SP 800-53 Rev. 5 (Moderate and Low Baselines)
- Cyber Risk Institute Profile v.20
- New York State Department of Financial Services (NYDFS) Part 500
- NIST SP 800-171 Rev. 3
- Payment Card Industry Data Security Standard (PCI DSS) v4.0
- CIS Controls v8.1 Mapping to SOC2
- CIS Controls v8.1 Mapping to TSA SD Pipeline 2021-02
- CIS Controls v8.1 Mapping to ISACA COBIT 19
- Health Insurance Portability and Accountability Act (HIPAA)
- North American Electric Reliability Corporation-Critical Infrastructure Protection (NERC-CIP) Standards
- CIS Controls v8.1 Mapping to MCSB v1
- CIS Controls v8.1 Mapping to ASD Essential Eight
- CIS Controls v8.1 Mapping to FFIEC CAT
- CIS Controls v8.1 Mapping to GSMA FS.31 Baseline Security Controls v4.0
- CIS Controls v8.1 Mapping to NCSC CAF v3.2
- CIS Controls v8.1 Mapping to NCSC Cyber Essentials v3.1
- CIS Controls v8.1 Mapping to NZISM v3.8
CIS Controls Mappings v8
Download individual mappings below or visit our CIS Controls Navigator for all mappings to CIS Controls v8.
- AICPA SOC 2
- Australian Signals Directorate's (ASD) Essential Eight
- Azure Security Benchmark v3
- Cloud Security Alliance Cloud Control Matrix (CSA CCM)
- CISA Cybersecurity Performance Goals (CPGs) v1.0.1
- Criminal Justice Information Services (CJIS) v5.9
- Cybersecurity Maturity Model Certification (CMMC) v2.0
- Cyber Risk Institute (CRI) Profile v1.2
- Federal Financial Institutions Examination Council Cybersecurity Assessment Tool (FFIEC-CAT)
- GSMA FS.31 Baseline Security Controls v2.0
- Health Insurance Portability and Accountability Act (HIPAA)
- International Organization for Standardization (ISO)/International Electrotechnical Commission (IEC) 27001:2022
- ISACA COBIT 19
- MITRE Enterprise ATT&CK v8.2
- New York State Department of Financial Services (NYDFS) 23 NYCRR Part 500
- New Zealand Information Security Manual (NZISM) v3.5
- NIST Cybersecurity Framework (CSF) 1.1
- NIST Cybersecurity Framework (CSF) 2.0
- NIST SP 800-53 Rev. 5 (Moderate and Low Baselines)
- NIST SP 800-171 Rev. 2
- North American Electric Reliability Corporation Critical Infrastructure Protection (NERC-CIP Standards)
- Payment Card Industry Data Security Standard (PCI DSS) v4.0
- Transportation Security Administration (TSA) Security Directive Pipeline 2021-02
- UK NCSC Cyber Essentials v2.2
- UK NCSC Cyber Assessment Framework v3.1
CIS Controls Mappings v7.1
Download individual mappings below or visit our CIS Controls Navigator for all mappings to CIS Controls v7.1.
- Cybersecurity Maturity Model Certification (CMMC) v1.0
- International Organization for Standardization (ISO)/International Electrotechnical Commission (IEC) 27001:2013
- NIST Cybersecurity Framework (CSF) 1.1
- NIST SP 800-53 Rev. 4 Low Baseline
- NIST SP 800-171 Rev. 2
- Payment Card Industry Data Security Standard (PCI DSS) v3.2.1
- CIS Controls v7.1 Mapping to NIST OLIR Submission V1