HomeCIS Critical Security ControlsCIS Critical Security Controls Implementation GroupsCIS Controls Implementation Group 3

CIS Critical Security Controls Implementation Group 3

 

Implementation Groups (IGs) are the recommended guidance to prioritize implementation of the CIS Critical Security Controls (CIS Controls).

IG3 is comprised of an additional 23 Safeguards. It builds upon the Safeguards identified in IG1 (56) and IG2 (74) totaling the 153 Safeguards in CIS Controls v8.

An IG3 enterprise commonly employs security experts that specialize in the different facets of cybersecurity (e.g., risk management, penetration testing, application security). IG3 assets and data contain sensitive information or functions that are subject to regulatory and compliance oversight. An IG3 enterprise must address availability of services and the confidentiality and integrity of sensitive data. Successful attacks can cause significant harm to the public welfare.

Safeguards selected for IG3 must abate targeted attacks from a sophisticated adversary and reduce the impact of zero-day attacks.

Below is a list of the CIS Controls in v8, and how many Safeguards in each are applicable to each Implementation Group.

Information Hub

CIS Controls

Blog Post04.15.2024
CIS Benchmarks Volunteer Spotlight: Pierluigi Falcone
Read More
Press Release03.06.2024
Making a Difference and Building Capacity in 2023
Read More
White Paper02.29.2024
CIS Controls v8 Mapping to NIST CSF 2.0
Read More
White Paper02.29.2024
CIS 2023 Year in Review
Read More