The CIS Security Controls provide a prioritized framework to enhance cybersecurity. This framework consists of 18 controls, empowering organizations to strengthen their security posture.
- 01: Inventory and Control of Enterprise Assets – Track and manage all hardware assets to prevent unauthorized access.
- 02: Inventory and Control of Software Assets – Monitor and secure software to ensure only authorized applications are used.
- 03: Data Protection – Safeguard sensitive data through encryption, access controls, and backups.
- 04: Secure Configuration of Enterprise Assets and Software – Establish secure settings for hardware and software to reduce vulnerabilities.
- 05: Account Management – Manage user and admin accounts to limit unauthorized access.
- 06: Access Control Management – Restrict access to systems and data based on user roles and needs.
- 07: Continuous Vulnerability Management – Identify, prioritize, and remediate vulnerabilities in systems and software.
- 08: Audit Log Management – Collect and analyze logs to detect and respond to security incidents.
- 09: Email and Web Browser Protections – Secure email and browsers to prevent phishing and malware attacks.
- 10: Malware Defenses – Deploy and maintain anti-malware tools to detect and block malicious code.
- 11: Data Recovery – Ensure data backups and recovery processes to maintain operations post-incident.
- 12: Network Infrastructure Management – Secure network devices and configurations to prevent unauthorized access.
- 13: Network Monitoring and Defense – Monitor network traffic to detect and respond to threats in real time.
- 14: Security Awareness and Skills Training – Train employees to recognize and respond to security threats.
- 15: Service Provider Management – Manage third-party vendors to ensure their security practices align with yours.
- 16: Application Software Security – Securely develop and maintain applications to prevent exploitable flaws.
- 17: Incident Response Management – Establish processes to identify, respond to, and recover from security incidents.
- 18: Penetration Testing – Conduct regular tests to identify and address security weaknesses.
Key Concepts:
- Safeguards: Specific measures within each control to mitigate cybersecurity risks.
- Asset Types: Categories of resources protected by controls.
- Implementation Groups (IG): Three cumulative tiers (IG1, IG2, IG3) that prioritize safeguards according to an organization's size, resources, and maturity; IG1 is the baseline, and each higher group includes all safeguards of the one below it.
Data Summary:
- 18 controls
- 153 safeguards
- 6 asset types
CIS Controls data table:
- Drill down from control to safeguard.
- Isolate and prioritize by implementation group.
- Isolate and plan by asset type.
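The three operations above (drill down from a control to its safeguards, isolate and prioritize by implementation group, isolate and plan by asset type) map directly onto a small data model. The following is an added example, not code or data from CIS: the `Safeguard` rows are constructed sample data in the shape of the real table, and their titles, asset types and IG assignments are illustrative rather than the official CIS assignments. It also goes one step beyond the page by adding an `ig_gap` function, the gap analysis a practitioner runs once the table has been filtered to their implementation group.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Safeguard:
    sid: str         # "control.safeguard" identifier, e.g. "1.1"
    title: str
    asset_type: str  # asset-type category the safeguard protects
    min_ig: int      # lowest Implementation Group that requires it (1, 2 or 3)

    @property
    def control(self) -> int:
        return int(self.sid.split(".")[0])


# Constructed sample rows for three controls. Titles, asset types and IG
# assignments are illustrative only, not the official CIS values.
SAMPLE_SAFEGUARDS = [
    Safeguard("1.1", "Maintain an enterprise asset inventory", "Devices", 1),
    Safeguard("1.2", "Address unauthorized assets", "Devices", 1),
    Safeguard("1.3", "Use an active discovery tool", "Devices", 2),
    Safeguard("1.5", "Use a passive discovery tool", "Devices", 3),
    Safeguard("3.1", "Maintain a data management process", "Data", 1),
    Safeguard("3.3", "Configure data access control lists", "Data", 1),
    Safeguard("3.10", "Encrypt sensitive data in transit", "Data", 2),
    Safeguard("8.2", "Collect audit logs", "Network", 1),
    Safeguard("8.5", "Collect detailed audit logs", "Network", 2),
    Safeguard("8.9", "Centralize audit logs", "Network", 2),
    Safeguard("8.11", "Conduct audit log reviews", "Network", 3),
]


def _sid_key(s: Safeguard):
    # Numeric sort so "1.10" follows "1.9" instead of "1.1".
    return tuple(int(p) for p in s.sid.split("."))


def drill_down(control: int, rows=SAMPLE_SAFEGUARDS):
    """All safeguards belonging to one control, in identifier order."""
    return sorted((s for s in rows if s.control == control), key=_sid_key)


def prioritize_by_ig(ig: int, rows=SAMPLE_SAFEGUARDS):
    """Safeguards an organization at Implementation Group `ig` must cover.

    IGs are cumulative: IG2 contains everything in IG1 and IG3 everything in
    IG2, so a safeguard is in scope when its minimum IG is <= the chosen IG.
    Lower-IG safeguards sort first, which is the prioritization order.
    """
    if ig not in (1, 2, 3):
        raise ValueError("Implementation Group must be 1, 2 or 3")
    return sorted((s for s in rows if s.min_ig <= ig),
                  key=lambda s: (s.min_ig, _sid_key(s)))


def plan_by_asset_type(asset_type: str, rows=SAMPLE_SAFEGUARDS):
    """Safeguards for one asset type, grouped by control number."""
    grouped = defaultdict(list)
    for s in sorted(rows, key=_sid_key):
        if s.asset_type == asset_type:
            grouped[s.control].append(s)
    return dict(grouped)


def ig_gap(implemented: set, ig: int, rows=SAMPLE_SAFEGUARDS):
    """Gap analysis against an IG: (coverage ratio, safeguard ids still missing)."""
    required = prioritize_by_ig(ig, rows)
    missing = [s.sid for s in required if s.sid not in implemented]
    done = len(required) - len(missing)
    return (done / len(required) if required else 1.0), missing


if __name__ == "__main__":
    for s in prioritize_by_ig(1):
        print(f"IG1  {s.sid:<5} {s.asset_type:<8} {s.title}")
    ratio, missing = ig_gap({"1.1", "1.2", "3.1"}, 1)
    print(f"IG1 coverage: {ratio:.0%}, missing: {missing}")
```

Replacing `SAMPLE_SAFEGUARDS` with rows loaded from the real CIS Controls table (all 153 safeguards) makes `ig_gap` a quick IG1 readiness check: the `missing` list is the prioritized to-do list, since everything in IG1 is also required at IG2 and IG3.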