HomeCIS Critical Security ControlsCIS Critical Security Controls Implementation Groups

CIS Critical Security Controls Implementation Groups

Implementation Groups (IGs) are the recommended guidance to prioritize implementation of the CIS Critical Security Controls (CIS Controls). In an effort to assist enterprises of every size, IGs are divided into three groups. They are based on the risk profile and resources an enterprise has available to them to implement the CIS Controls.

Each IG identifies a set of Safeguards (previously referred to as CIS Sub-Controls), that they need to implement. There is a total of 153 Safeguards in CIS Controls v8.

Every enterprise should start with IG1. IG1 is defined as “essential cyber hygiene,” the foundational set of cyber defense Safeguards that every enterprise should apply to guard against the most common attacks.

IG2 builds upon IG1, and IG3 is comprised of all the Controls and Safeguards.

 

 

Below is a list of the CIS Controls in v8, and how many Safeguards in each are applicable to each Implementation Group.

 

Information Hub

Press Release04.17.2024
Center for Internet Security Partners with State and Federal Cyber Experts to Offer Security Solutions for K-12 Schools
Read More
Blog Post04.15.2024
CIS Benchmarks April 2024 Update
Read More
Blog Post04.15.2024
CIS Benchmarks Volunteer Spotlight: Pierluigi Falcone
Read More
Blog Post04.15.2024
Balancing Your Healthcare Cybersecurity & Compliance Efforts
Read More