CIS Controls
The CIS Controls provide a prioritised set of actions that organisations can take to improve their cybersecurity posture and defend against cyber threats.
What are the CIS Critical Security Controls?
The CIS Critical Security Controls (CIS Controls) are a set of internationally recognised guidelines designed to help organisations improve their cybersecurity posture. The CIS Controls cover 20 critical areas of focus, including inventory and control of hardware and software assets, continuous vulnerability management, and secure configuration of network devices.
Using CIS cybersecurity controls within your organisation
Adopting the CIS cybersecurity controls within your organisation strengthens your overall cybersecurity resilience. The controls, curated by cybersecurity practitioners, provide a comprehensive and adaptable framework for addressing a continually evolving threat landscape.
Enhanced Protection
CIS controls provide a robust framework to safeguard systems against cyber threats.
Improved Compliance
Aligning with CIS controls helps meet industry regulations and standards.
Risk Reduction
Implementing CIS controls minimises vulnerabilities, reducing the risk of cyber incidents.
Examples of key CIS security controls
The CIS Controls are divided into three main categories: Basic, Foundational, and Organisational. Each control within these categories plays a crucial role in enhancing your organisation’s cybersecurity posture by addressing specific aspects of risk management, threat detection, incident response, and overall resilience. These controls offer a structured and adaptable approach, allowing you to prioritise and implement measures that align with your organisation’s unique operational environment and risk profile.
Control 1: Inventory and Control of Hardware Assets
Ensuring that all hardware is authorised and tracked to prevent unauthorised devices from being added to the network.
Control 6: Maintenance, Monitoring, and Analysis of Audit Logs
Ensuring that all logs are collected and monitored regularly to detect any suspicious activity.
Control 11: Secure Configuration for Network Devices, such as Firewalls, Routers, and Switches
Ensuring that all network devices are securely configured to prevent unauthorised access.
Control 17: Implement a Security Awareness and Training Program
Ensuring that all employees receive regular security training to reduce the risk of human error and prevent social engineering attacks.
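As an added illustration of Control 1 (this is example code, not part of the original page or of the CIS materials), the Python script below reconciles an authorised hardware inventory against observed DHCP lease records: it reports devices present on the network but not authorised, and authorised devices that were not seen. The inventory, the lease records and all hostnames and MAC addresses are constructed sample data.

```python
import re
from dataclasses import dataclass

# Constructed sample: the authorised hardware inventory, keyed by MAC address.
AUTHORISED_INVENTORY = {
    "aa:bb:cc:00:00:01": "fileserver-01",
    "aa:bb:cc:00:00:02": "ws-finance-07",
    "aa:bb:cc:00:00:03": "printer-floor2",
}

# Constructed sample: observed devices, shaped like ISC dhcpd lease records.
# Note the mixed MAC formatting, which the reconciliation must tolerate.
DHCP_LEASES = """\
lease 10.0.5.21 { hardware ethernet AA:BB:CC:00:00:01; client-hostname "fileserver-01"; }
lease 10.0.5.44 { hardware ethernet aa-bb-cc-00-00-02; client-hostname "ws-finance-07"; }
lease 10.0.5.90 { hardware ethernet aa:bb:cc:99:99:99; client-hostname "android-4f2c"; }
"""

# Stay inside one {...} record so a lease without a hostname cannot borrow the next one's.
LEASE_RE = re.compile(
    r'lease\s+(?P<ip>\S+)\s*\{[^}]*?hardware ethernet\s+(?P<mac>[0-9A-Fa-f:\-]{17});'
    r'(?:[^}]*?client-hostname\s+"(?P<host>[^"]*)")?')

def normalise_mac(mac: str) -> str:
    """Lower-case, colon-separated form so inventory and lease MACs compare equal."""
    return mac.replace("-", ":").lower()

@dataclass(frozen=True)
class Observed:
    ip: str
    mac: str
    hostname: str

def parse_leases(text: str) -> list[Observed]:
    return [Observed(m["ip"], normalise_mac(m["mac"]), m["host"] or "")
            for m in LEASE_RE.finditer(text)]

def reconcile(inventory: dict[str, str], observed: list[Observed]) -> dict:
    """Two-sided check: devices on the network that are not authorised, and
    authorised devices that were not seen (possibly removed, stolen or replaced)."""
    seen = {o.mac for o in observed}
    unauthorised = [o for o in observed if o.mac not in inventory]
    missing = {mac: name for mac, name in inventory.items() if mac not in seen}
    return {"unauthorised": unauthorised, "missing": missing}

if __name__ == "__main__":
    result = reconcile(AUTHORISED_INVENTORY, parse_leases(DHCP_LEASES))
    for dev in result["unauthorised"]:
        print(f"UNAUTHORISED {dev.mac} {dev.ip} hostname={dev.hostname!r}")
    for mac, name in result["missing"].items():
        print(f"MISSING      {mac} expected={name}")
```

In practice the observed side would be fed from DHCP, switch MAC tables or an NAC system on a schedule, and both findings lists would go to a ticket queue rather than stdout.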
Frequently asked questions
How many CIS Controls are there?
Basic CIS security controls
Basic CIS security controls are the essential first steps to improving cybersecurity, forming a foundational framework that addresses fundamental vulnerabilities, enhances threat detection capabilities, and establishes a solid groundwork for a more comprehensive and resilient defence strategy.
Foundational CIS security controls
Foundational CIS security controls are considered the best practices for establishing a strong cybersecurity foundation, and serve as the cornerstone of a robust cybersecurity strategy, encompassing a set of vital measures designed to fortify an organisation’s digital infrastructure. By implementing these foundational controls, organisations establish a resilient baseline of protection, mitigating common threats and minimising potential avenues of exploitation.
Organisational CIS security controls
The Organisational controls help organisations to manage and sustain their cybersecurity program effectively by providing guidance and strategies that facilitate governance, risk management, continuous improvement, and a proactive culture of security awareness. These controls empower organisations to align cybersecurity efforts with business objectives, establish clear roles and responsibilities, develop incident response plans, and regularly assess and adapt security measures in response to evolving threats.
How to implement CIS Controls
Implementing the CIS Controls is a strategic process that involves a systematic approach to fortifying your organisation’s cybersecurity posture. Begin by conducting a thorough assessment of your existing security measures and identifying potential vulnerabilities specific to your operational environment. Prioritise the CIS Controls based on your risk profile and available resources. Next, collaborate with a team of cybersecurity experts to tailor these controls to your organisation’s needs, ensuring seamless integration and minimal disruption to daily operations. With their assistance you can develop a comprehensive implementation plan that outlines responsibilities, monitoring mechanisms and regular reviews.
What are the latest CIS Controls (v8)?
The Center for Internet Security (CIS) periodically updates its security controls to reflect the evolving threat landscape and emerging technologies. The latest version is the CIS Controls v8, released in March 2021. The CIS Controls v8 comprises 18 high-level security controls that are mapped to specific security activities. Implementing the CIS Controls v8 can help organisations to improve their cyber security posture and reduce their risk of cyber threats. Organisations can also use the CIS Controls as a benchmark to measure their security maturity and identify areas for improvement.
What changed in the CIS Controls version 8 release?
CIS Controls version 8 is the latest release of the CIS Controls framework. The new version includes several updates and enhancements to the previous version, which was released in 2018. One significant change in version 8 is the reorganisation of the controls into three implementation groups based on risk and maturity level. The new implementation groups aim to provide organisations with more flexibility in implementing the controls based on their specific needs and risk levels.
Streamlining of CIS framework controls
Another major change is the reduction of controls, bringing the total to 18. Since complexity often obstructs security, the new controls aim to streamline focus on areas such as cloud security, supply chain risk management, and incident response. Additionally, version 8 includes updated guidance on implementing the controls and aligning them with other security frameworks such as NIST and ISO 27001. Overall, CIS Controls version 8 provides organisations with a more comprehensive and adaptable framework for improving their security posture.
Change from CIS Critical Security Controls to ‘CIS Controls’
The transition from ‘CIS Critical Security Controls’ to the simplified nomenclature of ‘CIS Controls’ signifies a strategic evolution in the approach to cybersecurity. This name change reflects a broader recognition of the controls’ comprehensive nature, emphasising their role as a holistic framework encompassing both fundamental and advanced security measures. The term ‘CIS Controls’ captures the essence of a multifaceted strategy designed to mitigate risks, detect threats, and respond effectively to an ever-changing cyber landscape. This transition not only streamlines communication but also underscores the significance of these controls in establishing a robust defence posture for organisations.
CIS controls explained
In the realm of cybersecurity, our toolkit brims with an assortment of security tools, technologies, training, certifications, standards, and practices. This array, supplemented by vulnerability databases, security controls, benchmarks, and recommendations, equips us to navigate a complex landscape. To comprehend evolving threats, we’ve welcomed innovations like security ratings, third-party assessments, data leak detection, and the NIST Cybersecurity Framework. Amid this, we’re surrounded by regulatory obligations like GDPR, LGPD, CCPA, FISMA, CPS 234, GLBA, PCI DSS, and PIPEDA, necessitating robust third-party risk management, vendor oversight, and sound risk assessment methodologies.
Despite this wealth of resources, the sheer volume of technology, information, and oversight introduces a multitude of options, priorities, and opinions, potentially diverting attention from the ultimate goal: fortifying defences and minimising vulnerabilities. As businesses grow, dependencies expand, threats mutate, and consumer expectations escalate, the significance of robust cybersecurity amplifies.
In this landscape, the CIS Controls emerge as a guiding compass, offering insights into critical risk management areas, optimal defensive strategies, risk program maturity tracking, attack analysis, tool selection, and alignment with regulatory frameworks. With the CIS Controls, we navigate these complexities, channeling our efforts towards closing attack vectors and reducing vulnerabilities, safeguarding our digital landscapes in an ever-evolving ecosystem.
Leveraging CIS framework controls
Leveraging CIS framework controls empowers organisations with a structured approach to fortifying their cybersecurity defences. These controls offer a systematic blueprint for addressing a spectrum of cyber risks, from basic security measures to more advanced strategies. By implementing CIS Framework Controls, organisations establish a comprehensive framework that not only identifies vulnerabilities but also guides the adoption of effective countermeasures.
This proactive stance allows businesses to detect threats early, respond swiftly, and maintain the integrity of their digital operations. With CIS framework controls as a guiding force, organisations can confidently navigate the intricate cybersecurity landscape, adapting and evolving their defence strategies to stay ahead of emerging threats and ensure a resilient digital environment.