CIS Critical Security Controls v7.1

Learn more about CIS Controls v8.1

Still need CIS Controls v7.1? Read on to learn more about this version of the CIS Controls.

With the release of CIS Controls v6 in October 2015, we put in place the means to better understand the needs of adopters, gather ongoing feedback, and understand how the security industry supports the CIS Controls. We used this to drive the evolution of v7 and also v7.1.

In addition to the critical tenets of cyber defense, we also tried to ensure that every CIS Control is clear, concise, and current. While there’s no magic bullet when defining security controls, we believe this version sets the foundation for much more straightforward and manageable implementation, measurement, and automation.

At CIS, we listen carefully to all of your feedback and ideas for the CIS Controls. In particular, many of you have asked for more help with prioritizing and phasing in the CIS Controls for your cybersecurity program. This topic deserved a substantial treatment and resulted in the creation of Implementation Groups (IGs). As such, the following principles were used to drive the v7.1 update.

• Reassess the prioritization scheme for the CIS Controls down to the level of Sub-Controls (now referred to as CIS Safeguards beginning in v8) given the evolving threat landscape and resource constraints;
• Fix minor typos and errors;
• Enhance the clarity and readability of the CIS Controls and Sub-Controls; and
• Refrain from adding or subtracting from the technical content, or “spirit,” of a CIS Control or Sub-Control.

When you download v7.1, you will receive:

• PDF
• Excel
• Change Log
• Implementation Groups

Controls v7.1 is available in these translations:

• Spanish
• Lithuanian
• Italian
• Japanese
• Estonian

Have Questions? We’re here to help. Go to Controls FAQs.