Welcome to the CIS Controls

The Center for Internet Security (CIS) presents the CIS Controls for Effective Cyber Defense Version 6.0, a recommended set of actions that provide specific and actionable ways to stop today's most pervasive and dangerous cyber attacks.

The CIS Controls are especially relevant because they are updated by cyber experts based on actual attack data pulled from a variety of public and private threat sources. Version 6 incorporates recommended changes from the cybersecurity community to reflect the latest technologies and threats. The new Controls include a new Control for "Email and Web Browser Protections," a deleted Control on "Secure Network Engineering," and a re-ordering to make "Controlled Use of Administration Privileges" higher in priority. This version also includes a new metrics companion guide.

CIS Controls Version 6.0 (PDF)
Download the entire CIS Controls for Effective Cyber Defense Version 6.0 document in a PDF file complete with narrative background.

CIS Controls Japanese Version 6.0 (PDF)
Download the Japanese Version of the the entire CIS Controls for Effective Cyber Defense Version 6.0 in a PDF file complete with narrative background.*

CIS Controls Version 6.0 Lithuanian Poster (PDF)
Download a CIS Controls for Effective Cyber Defense Version 6.0 poster translated into Lithuanian.*

CIS Controls Version 6.0 (Excel Spreadsheet)
This is a spreadsheet version of all of the 6.0 CIS Controls and sub-Controls.

CIS Controls Measurement Companion Guide (PDF)
This document provides guidance on how to measure the effectiveness and implementation of the CIS Controls

CIS Controls Change Log (Excel Spreadsheet)
This Change Log tracks the revisions from Controls Version 5.1 to Version 6.

CIS Controls Internet of Things Companion Guide (PDF) This Companion Addresses challenges and issues related to implementing secure IOT networks

CIS Controls Mobile Security Companion (PDF)
This Document offers guidance for applying the CIS Controls to mobile devices

CIS Controls Privacy Companion (PDF)
This guide provides a possible outline for developing a privacy impact assessment based on the CIS controls

CIS Controls Champion's License
To enable companies and individuals to use the Center for Internet Security Critical Security Controls for Effective Defense Version 6.0 for commercial purposes such as auditing, consulting, training, product development and other uses, the Center for Internet Security offers the CIS Controls Champion's License.

The CIS Controls are a set of internationally recognized measures developed, refined, and validated by leading IT security experts from around the world. The CIS Controls represent the most important cyber hygiene actions every organization should implement to protect their IT networks. In fact, a study by the Australian government indicates that 85% of known vulnerabilities can be stopped by deploying the Top 5 CIS Controls. This includes taking an inventory of IT assets, implementing secure configurations, patching vulnerabilities, and restricting unauthorized users.

Contact Us

*The Center for Internet Security (CIS) provides certain translated versions of the CIS Critical Security Controls (CIS Controls) for your convenience . These translations of the CIS Controls were graciously created by volunteers of the Controls community, not by CIS. As such, CIS does not attest to the accuracy of these translations and does not assume any responsibility for their content. The only official version of the CIS Controls Version 6.0 is the PDF download in English. If you would like to help the global Controls community by translating the CIS Controls into another language and have it available on this website for download, please contact us at controlsinfo@cisecurity.org.