HomeCIS Critical Security ControlsPolicy Templates

Policy Templates


CIS assembled a working group of policy experts to develop the information security policy templates. These policy templates align with CIS Controls v8 and v8.1, enabling enterprises to formalize their efforts around addressing the Safeguards in Implementation Group 1 (IG1). They cater exclusively to IG1 Safeguards; they do not address Implementation Group 2 (IG2) or Implementation Group 3 (IG3) Safeguards.

Learn More

 

Acceptable Use Policy Template for the CIS Controls

This template can assist an enterprise in developing acceptable use for the CIS Controls.
Download the template for v8

Enterprise Asset Management Policy Template for CIS Control 1

This template can assist an enterprise in developing an enterprise asset management policy.
Download the template for v8
Download the template for v8.1

Software Asset Management Policy Template for CIS Control 2

This template can assist an enterprise in developing a software asset management policy.
Download the template for v8
Download the template for v8.1 

Data Management Policy Template for CIS Control 3

This template can assist an enterprise in developing a data management policy.
Download the template for v8
Download the template for v8.1

Secure Configuration Management Policy Template for CIS Control 4, 9, and 12

This template can assist an enterprise in developing a secure configuration management policy.

Download the template for v8
Download the template for v8.1

Account and Credential Management Policy Template for CIS Controls 5 and 6

This template can assist an enterprise in developing an account and credential management policy.
Download the template for v8

Vulnerability Management Policy Template for CIS Control 7

This template can assist an enterprise in developing a data management policy.
Download the template for v8
Download the template for v8.1 

Audit Log Management Policy Template for CIS Control 8

This template can assist an enterprise in developing an audit log management policy.
Download the template for v8
Download the template for v8.1

Malware Defense Policy Template for CIS Control 10

This template can assist an enterprise in developing a malware defense policy.
Download the template for v8

Data Recovery Policy Template for CIS Control 11

This template can assist an enterprise in developing a data recovery policy.
Download template for v8

Security Awareness Skills Training Policy Template for CIS Control 14

This template can assist an enterprise in developing a security awareness skills training policy.
Download template for v8
Download the template for v8.1 

Service Provider Management Policy Template for CIS Control 15

This template can assist an enterprise in developing a service provider management policy.
Download the template for v8
Download the template for v8.1 

Incident Response Policy Template for CIS Control 17

This template can assist an enterprise in developing an incident response policy.
Download template for v8
Download the template for v8.1

 

 


Get the Latest Version of the CIS Controls

Download CIS Controls v8.1

Need Support?

Email us with any questions you might have at [email protected].

 

Information Hub

CIS Controls

Press Release10.23.2025
CIS, SAFECode Launch Secure by Design Guide to Help Developers Meet National Software Security Expectations
Read More
White Paper10.23.2025
Secure by Design: A Guide to Assessing Software Security Practices
Read More
White Paper10.22.2025
CIS Controls v8.1 Enterprise Asset Management Policy Template
Read More
White Paper10.20.2025
CIS Audit Log Management Policy Template
Read More