A Roadmap to the CIS Critical Security Controls

The CIS Critical Security Controls (CIS Controls) are a set of best practice recommendations that defend against the most common cyber attacks. The CIS Controls themselves are the framework. However, there is a broader ecosystem that surrounds the CIS Controls that offers guidance, tools, resources, mappings, and more to help facilitate the adoption and implementation of the framework.

At times, it can be overwhelming to implement any security framework. Challenges arise such as deciding what to do first, understanding what tools are available for implementation/measurement, and finding how to get help, if needed.

The Center for Internet Security^® (CIS^®) has developed this guide to help adopters of the CIS Controls to understand what is available to them, where to start, and how to put it all together. This guide is broken down into six main sections: Assess and Measure, Implementation Resources/Tools, Minimization of Threats, External Frameworks, Collaboration, and Training and Speaking Engagements. Note that the resources mentioned throughout this guide support adoption of CIS Controls v8.1, v8, and/or v7.1.