CIS Critical Security Controls

Follow our prioritized set of actions to protect your organization and data from cyber-attack vectors.

Download CIS Controls V8

CIS Controls at a Glance

The CIS Critical Security Controls (CIS Controls) are a prescriptive, prioritized, and simplified set of best practices that you can use to strengthen your cybersecurity posture. Today, thousands of cybersecurity practitioners from around the world use the CIS Controls and/or contribute to their development via a community consensus process.

With the CIS Controls, You Can...

Simplify Your Approach to Threat Protection

The CIS Controls consist of Safeguards that each require you to do one thing. This simplified cybersecurity approach is proven to help you defend against today's top threats. Learn more in our CIS Community Defense Model v2.0.


Comply with Industry Regulations

By implementing the CIS Controls, you create an on-ramp to comply with PCI DSS, HIPAA, GDPR, and other industry regulations. View our Mapping and Compliance page for more information.


Achieve Essential Cyber Hygiene

Almost all successful cyber attacks exploit “poor cyber hygiene” like unpatched software, poor configuration management, and outdated solutions. The CIS Controls include foundational security measures that you can use to achieve essential hygiene and protect yourself against a cyber attack.


Translate Information into Action

Modern systems and software are dynamic in nature. By enacting the CIS Controls, you support your assets' evolving needs in a meaningful way and align your security efforts with your business goals.


Abide by the Law

Multiple U.S. States require executive branch agencies and other government entities to implement cybersecurity best practices. Several of them specifically mention the CIS Controls as a way of demonstrating a "reasonable" level of security. 

We use the CIS Controls to help our clients achieve compliance with state and federal cybersecurity regulations. The CIS 18 are prioritized, easy to understand, and extremely cost-effective for small to mid-size organizations looking to prove they are secure enough to do business in today’s marketplace. I highly recommend starting with CIS in building your cybersecurity program.
Jim Long
Managing Partner - The Long Law Firm, PLLC
Features

The 18 Top-Level CIS Controls

The CIS Controls consist of 18 overarching measures that help strengthen your cybersecurity posture. They prioritize activities over roles and device ownership. That way, you can implement the CIS Controls in a way that works for you.

Explore the CIS Controls

Narrow Your Focus with the Safeguards

Formerly known as "Sub-Controls," the Safeguards are specific and unique actions that guide the logic of the 18 top-level CIS Controls. Each Safeguard defines measurement as part of the process and requires minimal interpretation to implement. 


Let the Implementation Groups Guide Your Efforts

The Implementation Groups (IGs) help you prioritize your implementation of the CIS Controls and Safeguards. You can begin with Implementation Group 1 (IG1). The definition of essential cyber hygiene, IG1 represents an emerging minimum standard of information security and of protection against common attacks for all. IG2 and IG3 build on the foundation laid by IG1.

Learn More

Resources

CIS Controls Free Resources

From mappings to companion guides, policy templates, and more, you have everything you need to make the most of the CIS Controls. And it doesn't cost a cent to use them.

Discover Your Options Today

CIS Controls Navigator

Want to see how the CIS Controls fit into your broader security program? You can use our CIS Controls Navigator to see how they map to other security standards.

Access Our Tool Now

CIS Critical Security Controls Ambassadors

Our Ambassadors represent, speak for, volunteer on, and promote the CIS Critical Security Controls (CIS Controls), supporting resources, and tools.

Meet Our Ambassadors

Get the Latest Version of the CIS Controls Today!

CIS Controls v8 helps you keep on top of your evolving workplace, the technology you need to support it, and the threats confronting those systems. It places specific emphasis on moving to a hybrid or fully cloud environment and managing security across your supply chain.

Download CIS Controls v8


Looking for the Previous Version?

CIS Controls v7.1 along with supporting tools and resources are available for download.

Note: CIS Controls v8 provides backwards compatibility with previous versions and a migration path for users of prior versions to move to v8.

Join the CIS Controls Community

Use your expertise in risk, security, compliance, and elsewhere to contribute to the CIS Controls!

Join the Community

Discuss the Controls at the Safeguard Level

Join our free CIS Controls v8 global collaborative platform on CIS WorkBench.

Access CIS WorkBench

CIS Controls Accreditation

CIS Controls Accreditation offers CIS SecureSuite Members the ability to provide CIS Critical Security Controls implementation.

Learn More

Need Support?

Email us with any questions you might have at [email protected].