# CIS Controls
# Acronyms, Abbreviations, and Initialisms
# Overview
The CIS Controls (formerly referred to as the Critical Security Controls) are a recommended set of actions for cyber defense that provide specific and actionable ways to stop today's most pervasive and dangerous attacks.
# Implementation Groups
Implementation Groups (IGs) are the recommended guidance for prioritizing implementation of the CIS Controls. To assist enterprises of every size, IGs are divided into three groups, based on an enterprise's risk profile and the resources it has available to implement the CIS Controls.
- An IG1 enterprise is small to medium-sized with limited IT and cybersecurity expertise to dedicate towards protecting IT assets and personnel.
- An IG2 enterprise employs individuals responsible for managing and protecting IT infrastructure.
- An IG3 enterprise employs security experts that specialize in the different facets of cybersecurity (e.g., risk management, penetration testing, application security).
# Controls
# Noteworthy
- The CIS Controls contain 18 controls.
# Sources
- https://www.sans.org/blog/cis-controls-v8
- https://www.cisecurity.org/controls/v8
- https://www.cisecurity.org/controls/implementation-groups