CIS Critical Security Controls v7.1

CIS Critical Security Controls v8 is now available

The CIS Critical Security Controls (CIS Controls) have been updated to keep up with the ever-changing cyber ecosystem. CIS Controls v8 has been enhanced to keep up with modern systems and software. Movement to cloud-based computing, virtualization, mobility, outsourcing, Work-from-Home, and changing attacker tactics prompted the update, which supports an enterprise’s security as it moves to both fully cloud and hybrid environments. Learn more about CIS Controls v8.

Still need CIS Controls v7.1? Below you’ll find documents and resources to aid your implementation.

Learn about CIS Controls v7.1

 

Start by downloading the CIS Controls

The CIS Controls are a prioritized set of actions developed by a global IT community. They help protect organizations and their data from known cyber attack vectors. This set of best practices is trusted by security leaders in both the private and public sectors and helps defeat over 85% of common attacks.
Download CIS Controls v7.1 (read FAQs)

Learn how the CIS Controls are developed

In an ever-growing mix of hundreds of potential cybersecurity concerns and even more proposed solutions, CIS applies the Pareto Principle – the concept that for many activities, roughly 80% of the effects come from 20% of the causes – to help prioritize cybersecurity actions.
Download A Prioritized Approach using the Pareto Principle

Interested in seeing how others implement the CIS Controls?

Industry professionals and organizations all around the world utilize the CIS Controls to enhance their organization’s cybersecurity posture. Check out recent case studies to learn more.
Read CIS Controls Case Studies

CIS Controls v7 Poster

Learn about the basic, foundational, and organizational breakdown of the CIS Controls along with 5 keys for building a cybersecurity program with this downloadable poster.
Download CIS Controls v7 Poster

 

Tools and Resources

 

Assess your implementation of the CIS Controls

The CIS Controls Self-Assessment Tool, or CIS CSAT, is a free web application that enables security leaders to track and prioritize their implementation of the CIS Controls.
Access CIS CSAT

Measure your application of the CIS Controls v7.1 Implementation Group 1

The CIS Controls Assessment Module helps organizations measure their application of the CIS Controls v7.1 Implementation Group 1 in Windows 10 environments.
Read more about CIS Controls Assessment Module

Access the Business Impact Analysis tool

The Ransomware Business Impact Analysis tool applies scores for ransomware-related Controls to estimate an enterprise’s likelihood of being affected by a ransomware attack. Those who have already started an assessment using CIS-Hosted CSAT can import the scores from that assessment.

Assess your risk with CIS RAM

CIS Risk Assessment Method is a free information security risk assessment method that helps organizations implement and assess their security posture against the CIS Controls™ cybersecurity best practices. CIS RAM provides instructions, examples, templates, and exercises for conducting a cyber risk assessment.
Download CIS RAM (read FAQs)

What’s changed?

Cybersecurity is an evolving industry with an endless list of threat actors. The tools we use to stay safe and secure must be updated to match the current threat landscape. Find out how CIS Controls v7 was updated from v6.1.
Download CIS Controls v7 Change Log

Look at measures and metrics

Want to see how well your organization is implementing the CIS Controls?
Download CIS Controls v7 Measures & Metrics

Learn how the CIS Controls v7.1 break into Implementation Groups

Discover the CIS Sub-Controls in Implementation Groups that help organizations of different classes focus their security resources.
Download CIS Controls v7.1 Implementation Groups

 

Companion Guides

 

Small- or Medium-Sized Enterprises (SME)

This guide seeks to empower the owners of small and medium-sized enterprises (SMEs) to help them protect their businesses with a small number of high priority actions based on the CIS Controls – a comprehensive set of cybersecurity best practices developed by IT experts that address the most common threats and vulnerabilities.
Download SME Guide

Industrial Control Systems (ICS) Environments

In this document, we provide guidance on how to apply the security best practices found in CIS Controls v7 to ICS environments. For each top-level CIS Control, there is a brief discussion of how to interpret and apply the CIS Control in such environments, along with any unique considerations or differences from common IT environments.
Download ICS Guide

Cloud Environments

In this document, we provide guidance on how to apply the security best practices found in CIS Controls v7 to any cloud environment from the consumer/customer perspective. For each top-level CIS Control, there is a brief discussion of how to interpret and apply the CIS Control in such environments, along with any unique considerations or differences from common IT environments.
Download Cloud Companion Guide and track your progress with a downloadable spreadsheet

Mobile Devices

In this document, we provide guidance on how to apply the security best practices found in CIS Controls v7 to mobile environments. The CIS Controls Mobile Companion Guide helps organizations implement the consensus-developed best practices using CIS Controls v7 for phones, tablets, and mobile applications.
Download Mobile Companion Guide and track your progress with a downloadable spreadsheet

Internet of Things (IoT)

In this document, we provide guidance on how to apply the security best practices found in CIS Controls v7.1 to IoT environments.
Download Internet of Things Companion Guide and track your progress with a downloadable spreadsheet

Microsoft Windows 10 Environment

In this document, we offer practical guidance on cyber hygiene for Microsoft Windows 10 users.
Download Microsoft Windows 10 Cyber Hygiene Guide and track your progress with a downloadable spreadsheet
CIS Hardware and Software Asset Tracking Spreadsheet (English)
CIS Hardware and Software Asset Tracking Spreadsheet (Arabic)

CIS Controls Telework and Small Office Network Security Guide

This Guide is meant to assist individuals and organizations in securing commodity routers, modems, and other network devices. Securing these devices is important as there are serious cybersecurity considerations surrounding the usage of network devices.
Download the Telework and Small Office Network Security Guide

Exploited Protocols: Remote Desktop Protocol (RDP)

Telecommuting has always presented challenges, balancing security with usability. Open-source reports indicate that Remote Desktop Protocol (RDP) usage jumped an estimated 41% when COVID-19 struck. The purpose of this guide is to provide an overview of what RDP is, the attacks associated with this protocol, and how an organization can best protect itself against an RDP-based attack.
Download the Exploited Protocols: Remote Desktop Protocol (RDP) Guide

Community Defense Model

The CDM leverages the open availability of comprehensive summaries of attacks and security incidents (e.g., the Verizon Data Breach Investigations Report, or DBIR), and the industry-endorsed ecosystem that is developing around the MITRE ATT&CK (Adversarial Tactics, Techniques, and Common Knowledge) Model. In particular, the ATT&CK Model comprehensively lists the Tactics used by attackers (roughly, the steps in an attack) as well as the many Techniques that an attacker could use at each step (Tactic).
Download the Community Defense Model Guide
 

Establishing Essential Cyber Hygiene Through a Managed Service Provider

Small and medium enterprises often face the need to outsource their information technology infrastructure and services. Managed Service Providers (MSPs) offer the ideal solution of providing the services at an affordable cost and allow enterprises to focus on other aspects of their operations.
Download Establishing Essential Cyber Hygiene Through a Managed Service Provider White Paper

 

CIS Controls v7.1 Mappings

 

These spreadsheets provide information on the organization’s requirements and how they map to CIS Controls v7.1. Download individual mappings below or visit our CIS Controls Navigator for all mappings to CIS Controls.

CIS Controls v7.1 Translations

The CIS Controls v7 have been translated into the following languages:

  • Spanish
  • Lithuanian
  • Italian
  • Japanese
  • Estonian

Download a translation