CIS 20 Critical Controls

BASIC Controls

Key controls which should be implemented in every organization for essential cyber defense readiness.

CIS 1

Inventory and Control of Hardware Assets

Learn more

CIS 2

Inventory and Control of Software Assets

Learn more

CIS 3

Continuous Vulnerability Management

Learn more

CIS 4

Controlled Use of Administration Privileges

Learn more

CIS 5

Secure Configuration for Hardware & Software on Mobile Devices, Laptops, Workstations & Servers

Learn more

CIS 6

Maintenance, Monitoring & Analysis of Audit Logs

Learn more

FOUNDATIONAL Controls

Technical best practices provide clear security benefits and are a smart move for any organization to implement.

CIS 7

Email and Web Browser Protections

Learn more

CIS 8

Malware Defenses

Learn more

CIS 9

Limitation and Control of Network Ports, Protocols & Services

Learn more

CIS 10

Data Recovery Capabilities

Learn more

CIS 11

Secure Configuration for Network Devices

Learn more

CIS 12

Boundary Defense

Learn more

CIS 13

Data Protection

Learn more

CIS 14

Controlled Access Based on the Need to Know

Learn more

CIS 15

Wireless Access Control

Learn more

CIS 16

Account Monitoring and Control

Learn more

ORGANIZATIONAL Controls

These controls are more focused on people and processes involved in cybersecurity.

CIS 17

Implement a Security Awareness Program

Learn more

CIS 18

Application Software Security

Learn more

CIS 19

Incident Response and Management

Learn more

CIS 20

Penetration Tests and Red Team Exercises

Learn more