Aligning frameworks like the CIS Critical Security Controls with the NIST Cybersecurity Framework (CSF) is a good idea for organizations to assess and strengthen their security posture. The intersection of these frameworks helps to further prioritize efforts and understand how specific CIS controls support broader cybersecurity goals.
- Govern: 13 controls, 25 safeguards, 3 asset types
- Identify: 8 controls, 14 safeguards, 4 asset types
- Protect: 16 controls, 78 safeguards, 5 asset types
- Detect: 9 controls, 25 safeguards, 4 asset types
- Respond: 4 controls, 6 safeguards, 3 asset types
- Recover: 2 controls, 6 safeguards, 3 asset types
Use Cases:
- Visualize how the CSF functions overlay the CIS controls.
- Correlate CSF functions to CIS implementation groups.
- Provide estimated level of effort by CSF function.