HomeCIS Critical Security ControlsCIS Critical Security Controls Version 8

CIS Critical Security Controls Version 8

The CIS Critical Security Controls (CIS Controls) are a prioritized set of CIS Safeguards to defend against the most prevalent cyber attacks against systems and networks. They are mapped to and referenced by multiple legal, regulatory, and policy frameworks.

Download CIS Controls v8

Want to learn more about the CIS Controls? Check out our video below.

CIS Controls v8 was enhanced to keep up with modern systems and software. Movement to cloud-based computing, virtualization, mobility, outsourcing, work from home, and changing attacker tactics prompted the update and supports an enterprise’s security as they move to both fully cloud and hybrid environments.

Our design principles included:

  • Offense Informs Defense
    • CIS Controls are selected, dropped, and prioritized based on data and on specific knowledge of attacker behavior and how to stop it.
  • Focus
    • Help defenders identify the most critical things they need to do to stop the most important attacks.
    • Avoid being tempted to solve every security problem — avoid adding “good things to do” or “things you could do.”
  • Feasible
    • All individual CIS Safeguards must be specific and practical to implement.
  • Measurable
    • All CIS Controls, especially for Implementation Group 1, must be measurable.
    • Simplify or remove ambiguous language to avoid inconsistent interpretation.
    • Some Safeguards may have a threshold.
  • Align
    • Create and demonstrate “peaceful co-existence” with other governance, regulatory, process management schemes, framework, and structures.
    • Cooperate with and point to existing, independent standards and security recommendations where they exist (e.g., National Institute of Standards and Technology® (NIST®), Cloud Security Alliance (CSA), Software Assurance Forum for Excellence in Code (SAFECode), MITRE ATT&CK®, and Open Web Application Security Project® (OWASP®)).

When you download v8, you will receive:

  • PDF
  • Excel
  • Change Log
  • Implementation Groups

Controls v8 is available in these translations:

  • Italian
  • Japanese
  • Portuguese

Have Questions? We're here to help. Go to Controls FAQs.


Document Download

Get the Latest Version of the CIS Controls Today!

CIS Controls v8.1 help you keep on top of your evolving workplace, the technology you need to support it, and the threats confronting those systems. It places specific emphasis on moving to a hybrid or fully cloud environment and managing security across your supply chain.

Download CIS Controls v8.1

Looking for other versions?

Version 8.1

CIS Controls v8.1 along with supporting tools and resources are available for download.

Learn more about CIS Controls v8.1
Version 7.1

CIS Controls v7.1 along with supporting tools and resources are available for download.

Learn more about CIS Controls v7.1

Explore CIS Controls Resources

Get access to CIS Controls companion guides, policy templates, mappings, and more.

Access Resources

Information Hub

CIS Controls

Blog Post05.15.2025
How Threat Modeling, Actor Attribution Grow Cyber Defenses
Read More
White Paper05.12.2025
Guide to Asset Classes: CIS Critical Security Controls v8.1
Read More
White Paper04.24.2025
The Cost of Cyber Defense: CIS Controls IG1
Read More
White Paper04.21.2025
CIS Controls v8.1 Mapping to NIS2 Directive 2022:2555
Read More