Why CIS Solutions Join CIS Resources
CIS WorkBench Sign-in CIS WorkBench Sign In CIS Hardened Images CIS Hardened Images Support CIS Support


Who We Are

CIS is an independent, nonprofit organization with a mission to create confidence in the connected world

About Us Leadership Principles Testimonials


secure your organization
Secure Your Organization

secure specific platforms
Secure Specific Platforms

cis securesuite CIS SecureSuite® Learn More      Apply Now  
u s state local tribal and territorial governments
U.S. State, Local, Tribal & Territorial Governments

View All Products & Services  

Join CIS

Get Involved

Join CIS as a member, partner, or volunteer - or explore our career opportunities

CIS SecureSuite® Membership Multi-State ISAC (MS-ISAC®) Elections Infrastructure ISAC (EI-ISAC®) CIS CyberMarket® Vendors CIS Communities Careers




filter by topic
Filter by Topic

View All Resources  
CIS Logo Show Search Expand Menu

CIS Community Defense Model for CIS Controls v7.1

This paper presents the CIS Community Defense Model (CDM)—our way to bring more rigor, analytics, and transparency to the security recommendations found in CIS Controls. The CDM leverages the open availability of comprehensive summaries of attacks and security incidents (e.g., the Verizon Data Breach Investigations Report DBIR), and the industry-endorsed ecosystem that is developing around the MITRE ATT&CK (Adversarial Tactics, Techniques, and Common Knowledge) Model. In particular, the ATT&CK Model comprehensively lists the Tactics used by attackers (roughly, the steps in an attack) as well as the many Techniques that an attacker could use at each step (Tactic).


The CIS CDM was constructed using the following process:
  • From the Verizon DBIR and other sources, we identified the five most important attack types we want to defend against: Web-Application Hacking, Insider and Privilege Misuse, Malware, Ransomware, and Targeted Intrusions.
  • For each type of attack, we determined an attack pattern - the set of ATT&CK Model Techniques required to execute the Tactics used in that attack.
  • We identified the specific security value of Safeguards in the CIS Controls against the Techniques found in each attack. We did this by going through the class of Mitigations associated with each Technique.
  • We then stood back to examine the security value (in terms of mitigating attacks) of implementing the Sub-Controls comprising CIS Controls v7.1.