CIS Community Defense Model

This paper presents the CIS Community Defense Model (CDM), our way to bring more rigor, analytics, and transparency to the security recommendations found in the CIS Controls. The CDM leverages the open availability of comprehensive summaries of attacks and security incidents (e.g., the Verizon Data Breach Investigations Report, or DBIR), and the industry-endorsed ecosystem that is developing around the MITRE ATT&CK (Adversarial Tactics, Techniques, and Common Knowledge) Model. In particular, the ATT&CK Model comprehensively lists the Tactics used by attackers (roughly, the steps in an attack) as well as the many Techniques that an attacker could use at each step (Tactic).


The CIS CDM was constructed using the following process:
  • From the Verizon DBIR and other sources, we identified the five most important attack types we want to defend against: Web-Application Hacking, Insider and Privilege Misuse, Malware, Ransomware, and Targeted Intrusions.
  • For each type of attack, we determined an attack pattern - the set of ATT&CK Model Techniques required to execute the Tactics used in that attack.
  • We identified the specific security value of Safeguards in the CIS Controls against the Techniques found in each attack. We did this by going through the class of Mitigations associated with each Technique.
  • We then stood back to examine the security value (in terms of mitigating attacks) of implementing the Sub-Controls comprising the CIS Controls.
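
The mapping chain in these steps, worked through as an added Python example (not CIS's own code or data). Every technique, mitigation and safeguard identifier below is a constructed placeholder, and the scoring used (counting the attack/technique pairs a safeguard defends) is an assumed metric, not necessarily the one the paper uses.

```python
# Constructed placeholder data: none of these are real ATT&CK or CIS identifiers.
ATTACK_PATTERNS = {            # attack type -> techniques in its attack pattern
    "Web-Application Hacking": {"T-A", "T-B", "T-C"},
    "Ransomware": {"T-B", "T-D", "T-E"},
    "Insider and Privilege Misuse": {"T-C", "T-F"},
}
TECHNIQUE_MITIGATIONS = {      # technique -> mitigations associated with it
    "T-A": {"M-1", "M-2"}, "T-B": {"M-2"}, "T-C": {"M-3"},
    "T-D": {"M-4"}, "T-E": set(),          # T-E: no known mitigation
    "T-F": {"M-3", "M-5"},
}
MITIGATION_SAFEGUARDS = {      # mitigation -> safeguards that implement it
    "M-1": {"SG-1"}, "M-2": {"SG-1", "SG-2"}, "M-3": {"SG-3"},
    "M-4": {"SG-4"}, "M-5": set(),         # M-5: no safeguard maps to it
}

def safeguards_for_technique(technique):
    """Follow technique -> mitigations -> safeguards and return the safeguard set."""
    found = set()
    for mitigation in TECHNIQUE_MITIGATIONS.get(technique, ()):
        found |= MITIGATION_SAFEGUARDS.get(mitigation, set())
    return found

def coverage(implemented):
    """Per attack type: (fraction of techniques defended, undefended techniques)."""
    report = {}
    for attack, techniques in ATTACK_PATTERNS.items():
        defended = {t for t in techniques
                    if safeguards_for_technique(t) & implemented}
        report[attack] = (len(defended) / len(techniques),
                          sorted(techniques - defended))
    return report

def safeguard_value():
    """Rank safeguards by how many (attack type, technique) pairs they defend."""
    counts = {}
    for techniques in ATTACK_PATTERNS.values():
        for technique in techniques:
            for safeguard in safeguards_for_technique(technique):
                counts[safeguard] = counts.get(safeguard, 0) + 1
    return sorted(counts.items(), key=lambda kv: (-kv[1], kv[0]))

if __name__ == "__main__":
    print("Safeguard ranking:", safeguard_value())
    for attack, (fraction, gaps) in coverage({"SG-1", "SG-3", "SG-4"}).items():
        print(f"{attack}: {fraction:.0%} of techniques defended, gaps: {gaps}")
```

Techniques with no mitigation (here `T-E`) stay in the gap list whatever is implemented, which shows where the safeguards alone cannot break an attack pattern.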