|
|
Secure Your Configuration
 |
The only consensus-based, best-practice security configuration guides |
|
Developed through a collaborative process, leveraging the expertise of IT security professionals from around the world |
|
Trusted and recognized by businesses, industry leaders, government entities, and academia |
Protect Your Organization
|
Prioritized and prescriptive path defining how to achieve cybersecurity |
|
Developed by a community of cybersecurity experts |
|
Mapped to multiple legal, regulatory, and policy frameworks, simplifying cybersecurity compliance |
Assess and Remediate at Scale
|
Access multiple cybersecurity resources including CIS-CAT® Pro, CIS CSAT Pro, and more |
|
Customize CIS Benchmarks and tailor security recommendations to your organization’s needs |
|
Receive enhanced cybersecurity support from CIS experts |
Support for U.S. Government Organizations
|
MS-ISAC is the key resource for cyber threat prevention, protection, response, and recovery for all SLTT government entities. It is a voluntary and collaborative effort based on a strong partnership between CIS, SLTT government organizations, and the U.S. Department of Homeland Security (DHS). |
|
EI-ISAC supports the cybersecurity needs of the election community with resources, guidance, training, and tools tailored for the unique nature of election security. |
Select Mappings
Select the mappings you would like to apply to the Controls list. The list will be filtered based on your selection and can be further refined by selecting sub-groups from the mappings on the main page.
HELP
The following page shows a list of CIS Safeguards that can be filtered by Implementation Groups (IGs) and other security frameworks and exported to a csv file for your reference. This is a great resource if your business requires adherence to certain security frameworks like MITRE ATT&CK and ISO 27001 but you wish to use CIS's automated tools like CSAT or CIS-CAT.
Note that all Safeguards within IG 1 are also a part of IG 2 and IG 3. All Safeguards within IG 2 are also within IG 3.
FILTERING
To filter by Implementation Group, click the IG number at the top of the table. The table will filter automatically.
Click "Add" above the Mapping section to filter by specific frameworks. Select one or more mappings from the dialog box and hit "Apply Mappings". All subsections of the mappings will be automatically applied and the table will filter to only those Safeguards that are mapped to one or more of the selected frameworks. Subsections of the mappings can be added or removed in the associated section under "Mappings" by clicking anywhere on the framework's box.
CHANGING INCLUDED SAFEGUARDS
Additional Safeguards can be added to or removed from filtered results. To show all Safeguards, click "Show Unchecked Safeguards", then select those you'd like to include. To remove, deselect the checkboxes of those you wish to remove, then hit "Hide Unchecked Safeguards". This is useful if you wish to export customized information - only selected Safeguards will be exported, along with any relevant IG and mapped framework information.
Filters for Mappings and Implementation Groups can be applied concurrently. Clicking "Reset Filters" will reset the page back to its starting state.
Click here to download a copy of the CIS Safeguards and learn more about Implementation Groups.
|
September 15, 2021
[INFOGRAPHIC] The 5 Ws for Building a Strong Cybersecurity Plan Read More |
World-Renowned Best Practices and Expert Communities
More Details 
More Details
More Details
More Details
What The Experts
Are Saying
|
The CIS Controls take the background and knowledge of cybersecurity experts literally around the world and help focus efforts on things that are of most value. Directly impacting the adversaries and challenges we face today on our networks. Harley Parkes, Director IACD (Integrated Adaptive Cyber Defense) |
Without this resource, the hardening of our devices would have taken a lot longer and required many meetings between IT and Security to debate which configuration settings to change and the impact they could have. The CIS Benchmarks provided the necessary information to alleviate many of the fears IT may have had with changing specific settings. Adam Banking Information Security Engineer |
We work with sensitive information on a daily basis. The CIS Controls along with CIS-CAT Pro, a proven and indispensable tool, helps us to evaluate and maintain a security baseline for our IT infrastructure. Sasawat Malaivongs, Business Director ACinfotec |
Together, We Can Make a Difference
Our CIS Controls and CIS Benchmarks communities connect IT security practitioners from around the globe to secure our ever-changing world. We hope you’ll add your voice.
Why We Do What We Do
At CIS, we believe in secure online experiences for all. We’re driven by our mission to develop, validate, and promote timely best practice solutions that help people, businesses, and governments protect themselves against pervasive cyber threats.
Advisory
•
14 Sep 2021
Advisory
•
14 Sep 2021
Know What Information Is Being Collected When You Visit a Website
When visiting unknown websites, be vigilant about protecting your identity. Remember that some information is automatically made visible to the site. If the site you're visiting is malicious, the files on your computer, as well as passwords stored in the temporary memory, may be at risk.
