HomeInsightsBlog PostsCIS Introduces IDEA Alliance to Drive Diversity and Inclusion in the Workplace

6 New Policy Templates to Help You Enact CIS

Many security frameworks require you to create a policy. A policy identifies procedures you can use to meet the requirements of a security standard. As such, a policy helps to formalize one or more security controls as ongoing processes instead of ad hoc engagements, which provides better protection to your enterprise and your data.

The Center for Internet Security® (CIS®) understands the importance of using policies to implement the CIS Critical Security Controls® (CIS Controls®). We also know how difficult it can be to create a policy on your own, especially when you're working to establish essential cyber hygiene as a foundation via Implementation Group 1 (IG1). That's why we've created several policy templates to help you enact IG1 in your enterprise!

Your Launchpad for Essential Cyber Hygiene

We designed all of our policy templates to function as a “jumping off point” for when you're drafting your own policies. Using these policy templates, you can work to meet your cybersecurity goals around establishing essential cyber hygiene at a faster pace than if you were working alone.

Want to learn more about laying a foundation of essential cyber hygiene? Check out our video below.

 

How To Use the Policy Templates

Let's be clear about how to use the  available policy templates . To clarify, they will not be enough to construct a full policy suite. You will need other policies to address additional technology governance needs.

Furthermore, each policy represented in a policy template is not a silo. Many of the policies include applicable CIS Safeguards from multiple CIS Controls. For instance, the Secure Configuration Management Policy Template specifically addresses CIS Control 4, but it can also help you accomplish many different Controls at the same time.

Start Fulfilling the IG1 Safeguards Today

The true value of the policy templates is that they're designed to supplement CIS Controls v8 and v8.1. You can therefore use them to help fulfill the Safeguards in IG1. Looking ahead, it's possible that future versions of these policy templates will expand their focus to the Safeguards of Implementation Group 2 (IG2) and Implementation Group 3 (IG3).

Ready to get a head start on creating a security policy for your enterprise?

Download a CIS Controls Policy Template
Download a CIS Controls Policy Template