CIS Controls is a collection of the top cybersecurity best practices and actions designed to counter or eliminate the most common cyberthreats to your organization. This framework contains effective cybersecurity actions categorized across three levels: basic, foundational, and organizational.
The following Controls are included in the CIS Controls Framework:
Basic CIS Controls: Inventory and Control of Hardware Assets, Inventory and Control of Software Assets, Continuous Vulnerability Management, Controlled Use of Administrative Privileges, Secure Configuration for Hardware and Software on Mobile Devices, Laptops, Workstations and Servers, and Maintenance, Monitoring and Analysis of Audit Logs.
Foundational CIS Controls: Email and Web Browser Protections, Malware Defenses, Limitation and Control of Network Ports, Protocols and Services, Data Recovery Capabilities, Secure Configuration for Network Devices, such as Firewalls, Routers and Switches, Boundary Defense, Data Protection, Controlled Access Based on the Need to Know, Wireless Access Control, and Account Monitoring and Control.
Organizational CIS Controls: Implement a Security Awareness and Training Program, Application Software Security, Incident Response and Management, and Penetration Tests and Red Team Exercises.
CIS Controls allows you to establish a measured, step-by-step approach to establishing greater security maturity and hygiene throughout your organization.
Begin securing your organization against the greatest cyberthreats by accessing the CIS Controls Framework through the Risk Cloud Controls Repository.