CIS Critical Security Controls Version 8.1


The CIS Critical Security Controls (CIS Controls) are a prioritized set of Safeguards to mitigate the most prevalent cyber-attacks against systems and networks. They are mapped to and referenced by multiple legal, regulatory, and policy frameworks.

CIS Controls version 8.1 (v8.1) is an iterative update to version 8.0. As part of our process to evolve the CIS Controls, we establish "design principles" that guide us through any minor or major updates to the document. Our design principles for this revision are context, clarity, and consistency.

  • Context enhances the scope and practical applicability of Safeguards by incorporating specific examples and additional explanations.
  • Clarity aligns with other major security frameworks to the extent practical, while preserving the unique features of the CIS Controls.
  • Consistency maintains continuity for existing CIS Controls users, ensuring little to no change due to this update.

Learn about CIS Controls v8.1

Start by downloading the CIS Controls

The CIS Controls are a prioritized set of actions developed by a global IT community. This set of best practices is trusted by security leaders in both the private and public sectors.
Download CIS Controls v8.1

 

Interested in seeing how others implement the CIS Controls?

Industry professionals and organizations all around the world utilize the CIS Controls to enhance their organization’s cybersecurity posture. Check out recent case studies to learn more.
Read CIS Controls Case Studies

 

State Legislation Leveraging the CIS Controls

See how the CIS Controls are being leveraged from state to state.
Learn more

 

Tools and Resources

CIS CSAT Ransomware Business Impact Analysis Tool

Organizations can evaluate their likelihood of experiencing a ransomware attack and its potential impacts by using the CIS CSAT Ransomware Business Impact Analysis (BIA) tool. This utility has been created by CIS in partnership with Foresight Resilience Strategies (4RS). The BIA tool applies scores for ransomware-related Safeguards to estimate an enterprise’s likelihood of being affected by a ransomware attack; those who have already started an assessment using CIS-Hosted CSAT can import the scores from that assessment. Get started assessing your ransomware risks today!

Access BIA Tool

 

Assess your Implementation of the CIS Controls

The CIS Controls Self-Assessment Tool, or CIS CSAT, is a free web application that enables security leaders to track and prioritize their implementation of the CIS Controls.

Learn More About CIS CSAT

 

What's Changed?

Cybersecurity is an evolving industry with an endless list of threat actors. The tools we use to stay safe and secure must be updated to match the current threat landscape. Find out how CIS Controls v8.1 was updated from v8.

Download CIS Controls v8.1 Change Log 

 

CIS Controls v8.1 Implementation Groups

Implementation Groups (IGs) provide a simple and accessible way to help organizations of different classes focus their scarce security resources, and still leverage the value of the CIS Controls program, community, and complementary tools and working aids.

Download the Implementation Groups Handout

 

Assess your risk with CIS RAM

CIS Risk Assessment Method is a free information security risk assessment method that helps organizations implement and assess their security posture against the CIS Controls cybersecurity best practices. CIS RAM provides instructions, examples, templates, and exercises for conducting a cyber risk assessment.

Download CIS RAM

Download the CIS RAM v2.1 brochure

Review CIS-RAM FAQs

 

Interested in learning more about CIS RAM?

Consider taking our no-cost introductory course on Salesforce’s Trailhead application.

Access course

 

CIS Controls Assessment Specification

CIS Controls Assessment Specification provides an understanding of what should be measured in order to verify that the Safeguards are properly implemented.

Learn More

 

Policy Templates

CIS assembled a working group of policy experts to develop the information security policy templates. These policy templates align with CIS Controls v8 and v8.1, enabling enterprises to formalize their efforts around addressing the Safeguards in Implementation Group 1 (IG1). They cater exclusively to IG1 Safeguards; they do not address Implementation Group 2 (IG2) or Implementation Group 3 (IG3) Safeguards.

VIEW AVAILABLE POLICIES

Companion Guides

CIS Critical Security Controls v8.1 Industrial Control Systems (ICS) Guide

Download the Guide

Guide to Asset Classes: CIS Critical Security Controls v8.1

In v8.1, the Center for Internet Security® (CIS®) restructured Asset Classes and their respective definitions to ensure consistency throughout the Controls. Adopters of the CIS Controls should use this guide as a reference during activities such as implementation or auditing to verify that all in-scope assets are being accounted for and are secured.

Download the Guide

Establishing Essential Cyber Hygiene

When tasked with implementing a cybersecurity program, many enterprises ask, “How do we get started?” In response, the CIS Controls Community sorted the Safeguards in the Controls into three Implementation Groups (IGs) based on their difficulty and cost to implement.

Download Establishing Essential Cyber Hygiene

 

 


Access CIS Workbench to join the community.

Join us

Discuss the CIS Controls
Join our CIS Controls v8.1 free global collaborative community on CIS Workbench!