CIS Critical Security Controls v7.1
CIS Critical Security Controls v8 is now available
The CIS Critical Security Controls (CIS Controls) have been updated to keep up with the ever-changing cyber ecosystem. CIS Controls v8 has been enhanced to keep up with modern systems and software. Movement to cloud-based computing, virtualization, mobility, outsourcing, Work-from-Home, and changing attacker tactics prompted the update and supports an enterprise’s security as they move to both fully cloud and hybrid environments. Learn more about CIS Controls v8.
Still need CIS Controls v7.1? Below you’ll find documents and resources to aid your implementation.
Quick navigation – click a resource type to jump to that section
Companion Guides for CIS Controls v7.1
CIS Controls v7.1 Translations
Learn about CIS Controls v7.1
Start by downloading the CIS Controls
The CIS Controls are a prioritized set of actions developed by a global IT community. They help protect organizations and their data from known cyber attack vectors. This set of best practices is trusted by security leaders in both the private and public sector and help defeat over 85% of common attacks.
Download CIS Controls v7.1 (read FAQs)
Learn how the CIS Controls are developed
In an ever-growing mix of hundreds of potential cybersecurity concerns and even more proposed solutions, CIS applies the Pareto Principle – the concept that for many activities, roughly 80% of the effects come from 20% of the causes– to help prioritize cybersecurity actions.
Download A Prioritized Approach using the Pareto Principle
Interested in seeing how others implement the CIS Controls?
Industry professionals and organizations all around the world utilize the CIS Controls to enhance their organization’s cybersecurity posture. Check out recent case studies to learn more.
Read CIS Controls Case Studies
CIS Controls v7 Poster
Learn about the basic, foundational, and organizational breakdown of the CIS Controls along with 5 keys for building a cybersecurity program with this downloadable poster.
Download CIS Controls v7 Poster
Tools and Resources
Assess your implementation of the CIS Controls
The CIS Controls Self-Assessment Tool, or CIS CSAT, is a free web application that enables security leaders to track and prioritize their implementation of the CIS Controls.
Access CIS CSAT
Measure your application of the CIS Controls v7.1 Implementation Group 1
The CIS Controls Assessment Module helps organizations measure their application of the CIS Controls v7.1 Implementation Group 1 in Windows 10 environments.
Read more about CIS Controls Assessment Module
Access the Business Impact Analysis tool
The Ransomware Business Impact Analysis tool applies scores for ransomware-related Controls to estimate an enterprise’s likelihood of being affected by a ransomware attack. Those who have already started an assessment using CIS-Hosted CSAT can import the scores from that assessment.
Assess your risk with CIS RAM
CIS Risk Assessment Method is a free information security risk assessment method that helps organizations implement and assess their security posture against the CIS Controls™ cybersecurity best practices. CIS RAM provides instructions, examples, templates, and exercises for conducting a cyber risk assessment.
Download CIS RAM(read FAQs)
What’s changed?
Cybersecurity is an evolving industry with an endless list of threat actors. The tools we use to stay safe and secure must be updated to match the current threat landscape. Find out how CIS Controls v7 was updated from v6.1.
Download CIS Controls v7 Change Log
Look at measures and metrics
Want to see how well your organization is implementing the CIS Controls?
Download CIS Controls v7 Measures & Metrics
Learn how the CIS Controls v7.1 break into Implementation Groups
Discover the CIS Sub-Controls in Implementation Groups that help organizations of different classes focus their security resources.
Download CIS Controls v7.1 Implementation Groups
Companion Guides
Small- or Medium-Sized Enterprises (SME)
This guide seeks to empower the owners of small and medium-sized enterprises (SMEs) to help them protect their businesses with a small number of high priority actions based on the CIS Controls – a comprehensive set of cybersecurity best practices developed by IT experts that address the most common threats and vulnerabilities.
Download SME Guide
Industrial Controls System (ICS) Environments
On this document, we provide guidance on how to apply the security best practices found in CIS Controls v7 to ICS environments. For each top-level CIS Control, there is a brief discussion of how to interpret and apply the CIS Control in such environments, along with any unique considerations or differences from common IT environments.
Download ICS Guide
Cloud Environments
In this document, we provide guidance on how to apply the security best practices found in CIS Controls v7 to any cloud environment from the consumer/customer perspective. For each top-level CIS Control, there is a brief discussion of how to interpret and apply the CIS Control in such environments, along with any unique considerations or differences from common IT environments.
Download Cloud Companion Guide and track your progress with a downloadable spreadsheet
Mobile Devices
In this document, we provide guidance on how to apply the security best practices found in CIS Controls v7 to mobile environments. The CIS Controls Mobile Companion Guide helps organizations implement the consensus-developed best practices using CIS Controls v7 for phones, tablets, and mobile applications.
Download Mobile Companion Guide and track your progress with a downloadable spreadsheet
Internet of Things (IoT)
In this document, we provide guidance on how to apply the security best practices found in CIS Controls v7.1 to IoT environments.
Download Internet of Things Companion Guide and track your progress with a downloadable spreadsheet
Microsoft Windows 10 Environment
In this document, we offer practical guidance on cyber hygiene for Microsoft Windows 10 users.
Download Microsoft Windows 10 Cyber Hygiene Guide and track your progress with a downloadable spreadsheet
CIS Hardware and Software Asset Tracking Spreadsheet (English)
CIS Hardware and Software Asset Tracking Spreadsheet (Arabic)
CIS Controls Telework and Small Office Network Security Guide
This Guide is meant to assist individuals and organizations in securing commodity routers, modems, and other network devices. Securing these devices is important as there are serious cybersecurity considerations surrounding the usage of network devices.
Download the Telework and Small Office Network Security Guide
Exploited Protocols: Remote Desktop Protocol (RDP)
Download the Exploited Protocols: Remote Desktop Protocol (RDP) Guide
Community Defense Model
Download the Community Defense Model Guide
Establishing Essential Cyber Hygiene Through a Managed Service Provider
Download Establishing Essential Cyber Hygiene Through a Managed Service Provider White Paper
CIS Controls v7.1 Mappings
These spreadsheets provide information on the organization’s requirements and how they map to CIS Controls v7.1. Download individual mappings below or visit our CIS Controls Navigator for all mappings to CIS Controls.
CIS Controls v7.1 Translations
The CIS Controls v7 have been translated into the following languages:
- Spanish
- Lithuanian
- Italian
- Japanese
- Estonian