CIS Top 20 is a collection of the top cybersecurity best practices and actions designed to counter or eliminate the most common cyberthreats to your organization. This framework contains 20 effective cybersecurity actions categorized across three levels: basic, foundational, and organizational.

The following Controls are included in the CIS Top 20 Controls Framework:

Basic CIS Controls: Inventory and Control of Hardware Assets, Inventory and Control of Software Assets, Continuous Vulnerability Management, Controlled Use of Administrative Privileges, Secure Configuration for Hardware and Software on Mobile Devices, Laptops, Workstations and Servers, and Maintenance, Monitoring and Analysis of Audit Logs.

Foundational CIS Controls: Email and Web Browser Protections, Malware Defenses, Limitation and Control of Network Ports, Protocols and Services, Data Recovery Capabilities, Secure Configuration for Network Devices, such as Firewalls, Routers and Switches, Boundary Defense, Data Protection, Controlled Access Based on the Need to Know, Wireless Access Control, and Account Monitoring and Control.

Organizational CIS Controls: Implement a Security Awareness and Training Program, Application Software Security, Incident Response and Management, and Penetration Tests and Red Team Exercises.

How It Works

CIS Top 20 allows you to establish a measured, step-by-step approach to establishing greater security maturity and hygiene throughout your organization.

Begin securing your organization against the greatest cyberthreats by accessing the CIS Top 20 Controls Framework through the Risk Cloud Controls Repository.

Why You Need It

• Establish proven world-class cybersecurity best practices to safeguard vulnerable areas of your operation
• Assure your prospects, partners, and vendors that their information, data, and digital assets are well protected
• Optimize your cybersecurity budget and ensure you get the best return on investment