CIS Critical Security Controls Version 8
The CIS Critical Security Controls (CIS Controls) are a prioritized set of Safeguards to mitigate the most prevalent cyber-attacks against systems and networks. They are mapped to and referenced by multiple legal, regulatory, and policy frameworks. CIS Controls v8 has been enhanced to keep up with modern systems and software. Movement to cloud-based computing, virtualization, mobility, outsourcing, Work-from-Home, and changing attacker tactics prompted the update and supports an enterprise's security as they move to both fully cloud and hybrid environments.
Quick navigation - click a resource type to jump to that section
Learn about CIS Controls v8
Start by downloading the CIS Controls
The CIS Controls are a prioritized set of actions developed by a global IT community. This set of best practices is trusted by security leaders in both the private and public sector.
Download CIS Controls v8 (read FAQs)
Interested in seeing how others implement the CIS Controls?
Industry professionals and organizations all around the world utilize the CIS Controls to enhance their organization's cybersecurity posture. Check out recent case studies to learn more.
Read CIS Controls Case Studies
Tools and Resources
Assess your implementation of the CIS Controls
The CIS Controls Self-Assessment Tool, or CIS CSAT, is a free web application that enables security leaders to track and prioritize their implementation of the CIS Controls.
Access CIS CSAT
Cybersecurity is an evolving industry with an endless list of threat actors. The tools we use to stay safe and secure must be updated to match the current threat landscape. Find out how CIS Controls v8 was updated from v7.1.
Download CIS Controls v8 Change Log
CIS Controls v8 Implementation Groups
Implementation Groups (IGs) provide a simple and accessible way to help organizations of different classes focus their scarce security resources, and still leverage the value of the CIS Controls program, community, and complementary tools and working aids.
Download the Implementation Groups Handout
Assess your risk with CIS RAM
CIS Risk Assessment Method is a free information security risk assessment method that helps organizations implement and assess their security posture against the CIS Controls cybersecurity best practices. CIS RAM provides instructions, examples, templates, and exercises for conducting a cyber risk assessment.
Download CIS RAM
CIS Controls v8 Exploited Protocols Server Message Block (SMB)
The purpose of this guide is to focus on direct mitigations for SMB, as well as which best practices an enterprise can put in place to reduce the risk of an SMB-related attack.
Download the SMB Guide
CIS Controls v8 Multimedia Resources
Listen to the CIS Cybersecurity Where You Are Podcast or watch one of our webinars on-demand related to the CIS Controls v8 release.
- [Webinar] Welcome to CIS Controls v8: Hosted by CIS
- [Webinar] Securing Your Cloud Infrastructure with CIS Controls v8: Hosted by CIS, Cloud Security Alliance, and SAFECode
- Cybersecurity Where You Are Podcast Episode 7: CIS Controls v8...It’s Not About the List
- Cybersecurity Where You Are Podcast Episode 8: CIS Controls v8...First Impressions
In this document, we provide guidance on how to apply the security best practices found in CIS Controls v8 to mobile environments. Organizations will be able to break down and map the applicable CIS Controls and their implementation in mobile environments.
Download Mobile Companion Guide
Internet of Things (IoT)
In this document, we provide guidance on how to apply the security best practices found in CIS Controls v8 to IoT environments.
Download Internet of Things Companion Guide
Community Defense Model v2.0
Download the Community Defense Model v2.0 Guide
CIS Controls v8 Mappings
Download individual mappings below or visit our CIS Controls Navigator for all mappings to CIS Controls v8.
- AICPA Trust Services Criteria (SOC2)
- Cybersecurity Maturity Model Certification (CMMC) v1.0
- Cloud Security Alliance Cloud Control Matrix (CSA CCM)
- Health Insurance Portability and Accountability Act of 1996 (HIPAA)
- ISACA COBIT 19
- NIST CSF
- NIST Special Publication 800-53 Rev.5
- NIST Special Publication 800-171 Rev.2
- Payment Card Industry (PCI)
CIS Controls v8 Translations
The CIS Controls v8 have been translated into the following languages: