CIS critical security controls are an essential part of an organization’s overall security strategy. They provide a framework for developing security policies and procedures, as well as for assessing and mitigating risk.
The CIS critical security controls are designed to address common security issues that organizations face, such as unauthorized access, data loss, and malicious software. They involve a combination of technical, procedural, and administrative measures which help organizations reduce their risk of cyber attacks and data breaches.
CIS Control 1: Inventory and Control of Enterprise Assets
CIS Control 2: Inventory and Control of Software Assets
CIS Control 3: Data Protection
CIS Control 4: Secure Configuration of Enterprise Assets and Software
CIS Control 5: Account Management
CIS Control 6: Access Control Management
CIS Control 7: Continuous Vulnerability Management
CIS Control 8: Audit Log Management
CIS Control 9: Email and Web Browser Protections
CIS Control 10: Malware Defenses
CIS Control 11: Data Recovery
CIS Control 12: Network Infrastructure Management
CIS Control 13: Network Monitoring and Defense
CIS Control 14: Security Awareness and Skills Training
CIS Control 15: Service Provider Management
CIS Control 16: Application Software Security
CIS Control 17: Incident Response Management
CIS Control 18: Penetration Testing