# CIS Controls

# Acronyms, Abbreviations, and Initialisms

| Short Form | Full Form |
| --- | --- |
| CIS | Center for Internet Security |
| CSC | Critical Security Controls (formerly) |
| IG | Implementation Group |

# Overview

The CIS Controls (formerly referred to as the Critical Security Controls) are a recommended set of actions for cyber defense that provide specific and actionable ways to stop today's most pervasive and dangerous attacks.

# Implementation Groups

Implementation Groups (IGs) are the recommended guidance for prioritizing implementation of the CIS Controls. In an effort to assist enterprises of every size, IGs are divided into three groups. The groups are based on an enterprise's risk profile and the resources it has available to implement the CIS Controls.

An IG1 enterprise is small to medium-sized with limited IT and cybersecurity expertise to dedicate towards protecting IT assets and personnel.

An IG2 enterprise employs individuals responsible for managing and protecting IT infrastructure.

An IG3 enterprise employs security experts who specialize in the different facets of cybersecurity (e.g., risk management, penetration testing, application security).

# Controls

| Number | Name |
| --- | --- |
| Control 01 | Inventory and Control of Enterprise Assets |
| Control 02 | Inventory and Control of Software Assets |
| Control 03 | Data Protection |
| Control 04 | Secure Configuration of Enterprise Assets and Software |
| Control 05 | Account Management |
| Control 06 | Access Control Management |
| Control 07 | Continuous Vulnerability Management |
| Control 08 | Audit Log Management |
| Control 09 | Email and Web Browser Protections |
| Control 10 | Malware Defenses |
| Control 11 | Data Recovery |
| Control 12 | Network Infrastructure Management |
| Control 13 | Network Monitoring and Defense |
| Control 14 | Security Awareness and Skills Training |
| Control 15 | Service Provider Management |
| Control 16 | Application Software Security |
| Control 17 | Incident Response Management |
| Control 18 | Penetration Testing |

# Noteworthy

  • The CIS Controls contain 18 controls.
